The Federal Risk and Authorization Management Program, or FedRAMP, is used to ensure services offered by cloud providers meet certain cybersecurity requirements before government agencies can use them.
“Our partnership with the commercial cloud industry needs serious improvement. Strengthening this relationship will help us fulfill our commitment to cutting waste and adopting the best available technologies to modernize the government’s aging IT infrastructure,” Stephen Ehikian, acting administrator of the General Services Administration, which runs FedRAMP, said in a statement. “FedRAMP 20x will give agencies access to the latest technology now — not months or years down the road.”
A major focus of the change is moving from manual compliance checklists to automated security validations, as Nextgov/FCW reported last week. The goal is to have automated validation for over 80% of the program’s security requirements, as opposed to written explanations, GSA says. Instead of annual assessments, there will be automated checks.
The legislation officially authorizing FedRAMP, included in the 2023 must-pass defense policy bill, also tasked the program with speeding up cloud authorizations by using automation, a to-do item that was also included in revamped guidance for the program last summer.
GSA is also getting rid of requirements for a federal agency sponsor for simple, low-impact service offerings and is aiming to finish authorization in weeks for most cloud offerings, it says.
The updates to the program come as the team ..
Support the originator by clicking the read the rest link below.
