FedRAMP – Whatever’s Next?


FedRAMP certainly has its issues.  The PMO opted out of the Cloud Caucus meeting, refused to comment on Fix FedRAMP.

That said, we understand the PMO’s working hard to make amends – and rolling out the long-awaited FedRAMP 2.0 on March 28th at GSA.  Want a sneak peek at what they’ll roll out?  Seems they took the hints in the Fix FedRAMP recommendations.  Here’s what we hear.

Transparency:

First off, the PMO’s focused on transparency.  It plans a new site that tracks ATOs and ATOs in progress – showing the duration of each CSP’s journey.  MeriTalk already delivers this visibility on the FedRAMP OnRAMP.  Check out the new CSP Journey tab – it shows the duration of CSPs’ FedRAMP certification processes.  Maybe the FedRAMP PMO should partner with MeriTalk, rather than reinvent the wheel with taxpayers’ money?  Call me crazy…

Quicker and Cheaper:

But, there’s more – a new ATO process.  It’s supposed to be quicker and cheaper – and the PMO is not so engaged.  Word is there are already three CSPs in the new process – two commercial providers and an 18F application.

Policing:

As the GSA PMO is taking a lesser role in approving ATOs, we understand it’ll work with OMB to better police agency ATO acceptance.  The notion is to cut back on the horror stories of agencies’ refusing to accept other agencies’ ATOs.  After all, sharing is caring – and isn’t that the essence of FedRAMP’s value proposition?

So What?

What does this all mean for CSPs and agencies?  If you’re a CSP considering FedRAMP certification, guessing it means wait and see.  No sense in doing it the hard way if there’s a new easy road under construction.

If you’re a CSP that already has an ATO, this is good news – ATO’d CSPs have been freaking out at the prospect of having to secure multiple ATOs to work with multiple agencies.  This was compounded by rumors that agencies were about to start charging CSPs for ATOs.  No doubt, early adopters will want to know why they had to learn the hard way…

If you’re an agency, you better be careful about turning down other agencies’ ATOs – OMB’s taking aim at not-invented-here syndrome.

What Do You Hear?

Know a lot of us will be away on Spring break for GSA’s FedRAMP 2.0 coming out party on March 28th.  If you know any more about the details on FedRAMP 2.0 let us know.  Again, sharing is caring.

 

Steve O'Keeffe
Steve O'Keeffe is the founder of MeriTalk, the government IT network. MeriTalk is an online community that hosts professional networking, thought leadership, and focused events to drive the government IT dialogue. A 20-year veteran of the government IT community, O'Keeffe has worked in government and industry. In addition to MeriTalk, he founded Mobile Work Exchange, GovMark Council, and O’Keeffe & Company.
9 Comments
  1. Anonymous
    Wondering if there will be real changes made to improve FedRAMP. Looking forward to March 28
  2. Anonymous
    I'm interested to see what changes Matt Goodrich plans to implement on March 28th. I hope they take some of the recommendations into consideration, it would be great to have a quicker and more transparent process in place.
  3. Anonymous
    "The PMO opted out of the Cloud Caucus meeting, refused to comment on Fix FedRAMP." This, in a nutshell, sums up what is wrong with FedRAMP. It's all about them, they know what they're doing, everybody else just needs to do things their way or they will take their ball and go home.
  4. Anonymous
    It's time leadership at GSA wakes up and smells the coffee. FedRAMP impacts all of government IT. The stink off the PMO is smelling up GSA and making other agencies and industry run away holding their noses.
  5. Anonymous
    Who's going to compensate the CSPs that already crawled naked across broken glass in the old system? When was GSA going to tell industry about these changes? Isn't it time for some adult supervision over there?
  6. Anonymous
    I'd like to stick up for Matt Goodrich in this difficult situation. I don't think we should be disappointed in Matt, we should be disappointed in ourselves for thinking that somebody with his level of experience was capable of doing this job.
  7. Anonymous
    I see GSA/18F announced that it will soon be accepting proposals for a contractor to build the FedRAMP Dashboard, which seems to have already been built and is up and running through the FedRAMP OnRAMP. https://github.com/18F/bpa-fedramp-dashboard I appreciate that the FedRAMP office is pushing greater transparency, but if one of the program goals is to cut down on duplicative, wasteful gov spending then why not use the tools that already exist?
  8. Anonymous
    I'd like to echo the point above. If you wonder why Trump is rolling to the White House, it's precisely because of this blatant disregard for how "civil servants" spend our hard-earned tax dollars. Why is GSA issuing an RFP for stuff it can get for free if they just get off their high horse and partner with industry? I'm sick and tired of this pigheadedness and privilege and it has to stop. Who do these government people think they are anyway? You're supposed to be serving our country, not spending your money. I have news for you: it's not your money. Here's a hard truth for you, Matt Goodrich: if you want to know what's wrong with your program and what's wrong with our government, take a good hard look at yourself. GSA leadership, you need to get this situation under control; after the beating on the hill, what will it take to get you to wake up? If you don't, you'll make very different decisions with Trump's size 13 in your rear.
  9. Anonymous
    GSA is not issuing an RFP for anything it can get for free. Some of the people making posts in this forum are very uninformed.