Acquisition

FedRAMP’s ‘year of refinement’ emphasizes improvements to continuous monitoring

In 2018, the office is looking to fine-tune the guidance it’s using to connect cloud service providers with federal agencies.

By Carten Cordell

February 6, 2018

Ashley Mahan speaks May 17, 2017, at the Public Sector Innovation Summit presented by VMware and produced by FedScoop and StateScoop. (FedScoop)

Last year, the Federal Risk and Authorization Management Program moved to streamline how it authorized the cloud service providers that contract with federal agencies. In 2018, it’s looking to fine-tune the guidance that CSPs use to meet the needs of those agencies.

The process includes new guidance adjustments, released last week, on how FedRAMP judges compliance with continuous monitoring rules. CSPs must maintain an appropriate level of “ConMon” for threats and intrusions as part of their cybersecurity risk postures.

“This is kind of a year of refinement for us,” said Ashley Mahan, FedRAMP’s agency evangelist, speaking with FedScoop at a Feb. 1 Government Information Technology Executive Council event.

Overseeing CSPs’ compliance with continuous monitoring has been a big cost driver for FedRAMP. Director Matt Goodrich said in December that the office spends 75 percent of its security budget on it. With the new guidance, FedRAMP is looking to not only streamline those requirements, but also improve compliance.

“We’re helping all of our customers understand FedRAMP, helping them navigate through the program and give them everything they need to successfully issue those authorizations and also for industry to successfully work with agencies in the FedRAMP way,” Mahan told FedScoop.

The new guidance also included updates to cryptographic protocols like Transport Layer Security and identity management standards from the National Institute of Standards and Technology.

“Basically, it was a response to a lot of industry and agency feedback with wanting to provide additional details and guidance about certain requirements,” Mahan said.

Incorporating that feedback is part of FedRAMP’s broader goal in 2018 to open up cloud adoption, including trainings for agency information security systems personnel to help empower them more through the authorization process.

“I think what we really want to do this year, especially from an agency standpoint, we really want to increase the number of agencies using cloud technologies,” Mahan said. “We’ve heard from our customers that the authorization process can be lengthy, and we really want to show them that it doesn’t have to be that way.

“We’re going to show you the best practices and empower you to go through these authorizations in a quick and informative way.”

FedRAMP’s ‘year of refinement’ emphasizes improvements to continuous monitoring

More Like This

VA seeks information on AI governance framework

GSA issues final draft solicitation for Ascend blanket purchase agreement

Why agencies need to focus on modernizing public interaction over infrastructure

Top Stories

SSA database to flag synthetic identity fraud has cost issues, GAO finds

Data, talent, funding among top barriers for federal agency AI implementation

Government websites aren’t created equal. GSA’s 10x program aims to change that

Announcing the 2024 FedScoop 50

House Republicans probe NIST on facial recognition for federal digital identity verification

White House’s final ‘Trust Regulation’ aims to bolster confidence in federal statistics

CISA official: AI tools ‘need to have a human in the loop’

Login.gov announces availability for facial recognition technology

More Scoops

White House releases long-awaited FedRAMP modernization guidance for agencies, cloud service providers

OMB extends comment period for new FedRAMP guidance

Executive order gives GSA a lead role in executing the administration’s AI vision, Carnahan says

With draft guidance, OMB kickstarts effort to modernize FedRAMP for ‘today’s cloud challenges’

Federal cloud advisory committee sets public meetings to provide recommendations for FedRAMP

New FedRAMP guidance forthcoming as the cloud marketplace evolves

Microsoft Azure OpenAI service approved for use on sensitive government systems

Latest Podcasts

A look at next week’s hearing on unidentified anomalous phenomena

Login.gov launches facial recognition option; the White House issues final Trust Regulation

HHS is working on a new AI strategic plan; Budget woes for government’s science and technology efforts

Meet the winners of the 2024 FedScoop 50; And, how the DOE sees itself counteracting the AI industry’s ‘profit motive’

Tech

Defense

Cyber

FedScoop TV