The Federal Risk and Authorization Management Program (FedRAMP) said today it has received the first draft versions from industry organizations of the submissions they plan to make by later this month in response to the program’s FedRAMP 20x Phase One pilot.
The Phase One pilot springs from FedRAMP’s 20x revamp effort launched in March, and has been a central theme in the several industry working groups that the program has established since then.
The 20X effort is focusing on automation to speed the approval process for secure cloud services authorized by FedRAMP for use by government agencies. It is also aiming to make the process of obtaining program authorizations simpler, easier, and cheaper while continuously improving security.
The Phase One pilot, as detailed by FedRAMP, will test “how cloud service providers can meet FedRAMP Low authorization requirements using a combination of automated technical validation, existing commercial certification, and simple documentation requirements to generate machine-readable packages that can be assessed by trusted third parties.”
The deadline to submit draft versions of Phase One pilot submissions is May 26.
Speaking on a working group call today, a FedRAMP staffer disclosed that the program had received multiple draft submissions.
“That’s step one,” the staffer said, adding that the program management office “will start reviewing [draft] packages today and provide feedback on a periodic basis via GitHub as we go through this process … We’re going to review them as they come in and start getting some feedback out there.”
Separately, FedRAMP Director Pete Waterman said today on his LinkedIn account that the program had received draft submissions from two cloud service providers, and he provided links to those.
“Less than two months ago, FedRAMP shared their new mission: FedRAMP will set standards that enable private innovation to create the solution,” Waterman said.
“Today, the first two cloud service providers have publicly shared draft FedRAMP 20x Low submissions based on the draft security capabilities FedRAMP expects secure cloud services to demonstrate,” Waterman said. “This is what innovation looks like.”