This is the time of year for small talk, silly sweaters, and, as we head into the holiday lull, little else. This year’s different – two new developments. FedRAMP’s frothing and Senators Tom Udall, D-N.M., and Jerry Moran, R-Kan., two powerful Senate Appropriators, unwrapped the Cloud Infrastructure Transition Act, the son of FITARA legislation. This new proposed legislative package is designed to turbo charge Uncle Sam’s cloud transformation. Time to think ahead about New Year’s resolutions early before we’ve even had a chance to over indulge.
FedRAMP’s right at the center of the excitement. This week, Phaedra Chrousos, GSA’s Associate Administrator for Citizen Services and Innovative Technologies, announced the agency plans to slash the CSP FedRAMP ATO duration to three months next year. Citing Unisys’ 18-month and eight-attempt experience as what’s wrong, she admitted the program’s painful and needs an overhaul. Straight talk and a commitment to do better – GSA moves right to the top of the nice list.
Here come the next logical questions – how? and, is speed enough?
FedRAMP Fast Forward will release the Fix FedRAMP paper in the new year – look for a public discussion of the path forward at the Cloud Computing Caucus meeting on Capitol Hill on February 4.
The Cloud Infrastructure Transition Act recognizes that FedRAMP’s pivotal to Uncle Sam’s cloud conversion – it calls for the establishment of a public-private working group to fix FedRAMP. An established not-for-profit, public-private working group, FedRAMP Fast Forward fits the bill. Seems the reindeer are all pulling in the same direction…
A six-point plan, Fix FedRAMP focuses on more than accelerating the ATO process for CSPs. It calls for increased transparency, harmonizing standards, normalizing JAB and agency ATO certification processes, cutting the cost of continuous monitoring, empowering infrastructure upgrades, and establishing DoD crosswalks for ATOs. Understand that the paper’s circulating on the Hill right now. Try and get your hands on a copy – it’s designed to drive change by stimulating long-overdue structured debate and discussion. Register for the Cloud Computing Caucus meeting on the Hill on February 4. A word of warning, it’ll be easier to get a ticket to see the new Star Wars movie this weekend, so put the cloud caucus meeting ticket high on your wish list.
Senate Shift to Savings
Now to the Cloud Infrastructure Transition Act, the new proposed legislation. In addition to flagging the need to fix FedRAMP and establishing a public-private working group, the act pushes cloud expansion and website compression.
Three Things in the Cloud:
First, the act looks to establish a revolving capital fund for cloud acquisitions – the biggest provision that was cut from FITARA in the final political horse trading associated with its passage into law. The net here, OMB tells us 80 percent of the Federal IT budget keeps legacy systems on life support. Uncle Sam has massive duplication in siloed IT systems – we need shared services. Cloud offers a way to break with the past, but cloud can’t happen without investment. The Cloud Infrastructure Transition Act allows agencies to access multi-year money to fund their modernization plans.
Some significant stipulations. Dollars in the fund revolve for five years – then expire. Further reinforcing the importance of FedRAMP, the bill prohibits the cloud services agencies can acquire with these multi-year funds – agencies can only use the revolving fund for FedRAMP-compliant CSP offerings. Last, the bill calls for GSA to administer the revolving capital fund. Let’s hope Phaedra Chrousos’ announcement points to a break with the past at GSA.
Second, the Cloud Infrastructure Transition Act requires GAO to conduct an audit of the revolving capital fund to gauge its effectiveness and measure agency usage.
Third, the bill requires agency CIOs to submit a three-year cloud migration forecast for their agency – and requires public release of these plans on the OMB IT Dashboard. It calls for a series of other reports designed to ratchet up the pressure on agencies to jump to the cloud. It also calls on OMB to assess and publish cloud migration best practices, tools, training, and transition plans.
Last but not least, the Cloud Infrastructure Transition Act takes a swing at the Federal website sprawl. A common sense measure, it requires agencies to consolidate or eliminate overlapping public facing websites. The act goes further, requiring all Federal web sites should be open — complying with interoperability and open standards as well as 508 requirements. Isn’t it time that Uncle Sam ate his own dog food on compliance…?
And now for the dismount. A whole lot’s shaking under the tree – not quite time to tune out until the end of this week. Enjoy the holidays – no cup of Eggnog next week. Look out for the Fix FedRAMP paper early next year.