That said, we understand the PMO’s working hard to make amends – and rolling out the long-awaited FedRAMP 2.0 on March 28th at GSA. Want a sneak peek at what they’ll roll out? Seems they took the hints in the Fix FedRAMP recommendations. Here’s what we hear.
First off, the PMO’s focused on transparency. It plans a new site that tracks ATOs and ATOs in progress – showing the duration of each CSP’s journey. MeriTalk already delivers this visibility on the FedRAMP OnRAMP. Check out the new CSP Journey tab – it shows the duration of CSPs’ FedRAMP certification processes. Maybe the FedRAMP PMO should partner with MeriTalk, rather than reinvent the wheel with taxpayers’ money? Call me crazy…
Quicker and Cheaper:
But, there’s more – a new ATO process. It’s supposed to be quicker and cheaper – and the PMO is not so engaged. Word is there are already three CSPs in the new process – two commercial providers and an 18F application.
As the GSA PMO is taking a lesser role in approving ATOs, we understand it’ll work with OMB to better police agency ATO acceptance. The notion is to cut back on the horror stories of agencies’ refusing to accept other agencies’ ATOs. After all, sharing is caring – and isn’t that the essence of FedRAMP’s value proposition?
What does this all mean for CSPs and agencies? If you’re a CSP considering FedRAMP certification, guessing it means wait and see. No sense in doing it the hard way if there’s a new easy road under construction.
If you’re a CSP that already has an ATO, this is good news – ATO’d CSPs have been freaking out at the prospect of having to secure multiple ATOs to work with multiple agencies. This compounded by rumors that agencies were about to start charging CSPs for ATOs. No doubt, early adopter will want to know why they had to learn the hard way…
If you’re an agency, you better be careful about turning down other agencies ATOs – OMB’s taking aim at not-invented-here syndrome.
What Do You Hear?
Know a lot of us will be away on Spring break for GSA’s FedRAMP 2.0 coming out party on March 28th. If you know any more about the details on FedRAMP 2.0 let us know. Again, sharing is caring.