GSA to Let Agencies Bypass Certain FedRAMP Rules Based on Data Type

(Illustration: Shutterstock)

(Illustration: Shutterstock)

The General Services Administration is working on a new approach to the Federal Risk and Authorization Management Program (FedRAMP), which would allow agencies to bypass certain security requirements based on the type of data being collected.

FedRAMP Tailored would be available for agencies that want to store non-sensitive data sets in the cloud.

“Hey look, I don’t think I need all these protections on this particular cloud service,” said Ashley Mahan, FedRAMP Agency Evangelist for GSA.

Mahan said that GSA wants to make FedRAMP Tailored available for agencies during the incoming Trump administration, within the next 18 months. This would create an expedited process for FedRAMP certifications for agencies that don’t need as many security protections.

“Protecting Federal data and protecting citizen data is of utmost concern and that’s what FedRAMP does for the cloud,” said Mahan.

Agencies are also working to integrate the cloud and mobile environments as employees continue to work from mobile technologies in the Federal government.

“There’s a definite challenge in being able to retain the IT professionals as we move into a new operations environment,” said Stephen Rice, chief technology officer and assistant administrator for information technology at the Transportation Security Administration.

Rice said that agencies should work to combine cloud and mobile environments during the next presidential administration because then IT professionals will be able to understand their agencies’ systems more completely and have a better grasp on the security and infrastructure requirements.

Rice said that agencies should know what their system’s architecture looks like, how to change it to their advantage, and how to educate users on where their data is located.

“How do I understand where we’re going to expand our resources?” Rice said.

After the presidential transition, the agencies are planning to work on collaborating with users.

“We’re going to continue to solidify and strengthen those communication channels,” Mahan said.

During the last two years of the Obama administration, Mahan said that GSA’s greatest IT accomplishments have been increasing the speed of FedRAMP authorization and convincing chief information officers to put more trust in the security of the cloud. Mahan said that these goals should continue into the Trump administration.

“[CIOs] understand the benefits of the cloud,” Mahan said. “The trust factor has really increased over the past couple of years.”

 

 

 

Morgan Lynch
About Morgan Lynch
Morgan Lynch is a Staff Reporter for MeriTalk covering Federal IT and K-12 Education.
No Comments

    Leave a Reply


    Popular

    Recent