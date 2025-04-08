The Federal Risk and Authorization Management Program (FedRAMP) is aiming to maximize its use of existing commercial security frameworks and reduce redundant documentation requirements as part of its “20x” program revamp, program officials said today.

Those officials explained that goal at the initial meeting of the program’s new Applying Existing Frameworks Working Group. The working group is pursuing three initial goals.

“The first is to explore existing commercial standards to determine if any would be applicable to Federal security requirements,” one program staff member said.

“To the greatest extent possible, we want FedRAMP to rely on existing best practices and commercial security frameworks,” the staff member said.

“The second objective is to identify any gaps that may exist between existing commercial frameworks and FedRAMP requirements, so that any additional tasks are focused only on those requirements not already met,” the staff member added.

“The third objective is to investigate automation potential, and if any frameworks have existing automation support,” the staff member said.