Microsoft is First to Cross FedRAMP Accelerated Finish Line

(Photo: Shutterstock)

(Photo: Shutterstock)

The General Services Administration announced today that the Microsoft Dynamics CRM Online Government was issued a Provisional Authority to Operate (P-ATO) by the Joint Authorization Board (JAB) on Sept. 22, the first product to receive one through the new FedRAMP Accelerated program.

“The new FedRAMP process—FedRAMP Accelerated—was designed to be more in line with the speed of digital transformation, creating a more predictable and reliable timeline for CSPs to become authorized within FedRAMP,” wrote Susie Adams, CTO of Microsoft Federal, in the Microsoft press release. “Microsoft has been working with FedRAMP since its inception, which allowed it to meet the new FedRAMP standards and achieve the P-ATO within just 15 weeks since beginning the FedRAMP Accelerated review process.”

The 15-week authorization process  is nearly seven times faster than FedRAMP’s most previous ATO, and well within the six-month goal set by GSA when the FedRAMP Accelerated program was announced.

Part of this change in speed comes from the FedRAMP Readiness Assessment Report (RAR) which can be used to determine if a cloud service provider (CSP) is “FedRAMP Ready.”

“These readiness assessments ensure that CSPs entering the FedRAMP authorization process have the key technical capabilities in place prior to beginning an authorization,” Matt Goodrich, the FedRAMP director, wrote in a blog announcing Microsoft’s P-ATO. “This ensures vendors won’t have to introduce new technologies or engineering updates to their system during authorization.”

Unisys’ Secure Private Cloud for Government and Edge for Government and 18F’s were also part of the original FedRAMP Accelerated program and are expected to receive authorization within the six-month time frame.

Editor’s Note: This story has been updated to correct the name of the Microsoft product that received the P-ATO. 

Jessie Bur
About Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.
  1. Anonymous | - Reply
    This is good news and an admirable start. That said, as noted by Microsoft in the article, they have been with FedRAMP since the beginning, are very familiar with the required controls, documentation, etc. I suspect the same applies to the CSPs mentioned that are in the accelerated pipeline. The real test of the accelerated process will be with companies who are less familiar with the process, required docuemntation and controls.
  2. Anonymous | - Reply
    That's great to hear FedRAMP Accelerated has already granted authorization. But I agree with the above comment. Wondering how this program will work with companies who haven't been with FedRAMP since the start.

Leave a Reply