The Federal Risk and Authorization Management Program (FedRAMP) and the National Institute of Standards and Technology (NIST) released the Open Security Controls Assessment Language (OSCAL) Milestone 2 for public comment. […]

The Federal Risk and Authorization Management Program (FedRAMP) saw a spike in authorizations from 2017 to 2019, but the program is still not used in all cloud acquisitions and agencies have gaps in implementing controls, according to a report from the Government Accountability Office (GAO) released December 12. […]

The General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) will focus on administering simplicity, automation, marketplace growth, and learning opportunities in Fiscal Year 2020, according to Director Ashley Mahan. […]

The Securities and Exchange Commission (SEC) has taken an ad-hoc approach to cloud adoption instead of following its cloud strategy, and did not fully implement security measures, according to a report from the SEC’s inspector general released November 7. […]

The General Services Administration is taking its FedRAMP Program to cloud service providers, start-ups, and entrepreneurs in San Francisco on Sept. 25 to showcase opportunities to work with the program that speeds the authorization process to provide products and services in the Federal government’s $90 billion per year IT market. […]

A project under development at the National Institute of Standards and Technology (NIST) is aiming to fully automate FedRAMP (Federal Risk and Authorization Management Program) and enable interoperable automation for cloud service providers (CSPs). […]

The Defense Information Systems Agency (DISA) issued an Aug. 15 provisional authorization that would enable Defense Department (DoD) components and mission partners to streamline cloud authorizations. […]

Federal officials spoke about the future role of the cloud in mobile device management (MDM) and security at the ATARC Federal Mobile Technology Summit today. […]

FITARA, FedRAMP, and 21st Century IDEA are all shaping Federal IT modernization efforts, explained Rich Beutel and Mike Hettinger at ServiceNow’s Knowledge 2019 Conference. […]

Leadership of the House Government Reform Subcommittee introduced legislation today that would codify into law the FedRAMP (Federal Risk Assessment and Management Program), and take a number of other actions aimed at making the program work more efficiently. […]

The Federal Risk and Authorization Management Program (FedRAMP) today announced the launch of its Ideation Challenge that aims to inform the next iteration of the program’s processes and supporting functions. […]

Federal IT is on the right path and is making progress on modernization, but Congress will continue to push agencies to modernize faster and address slowdowns in processes, including FedRAMP, said Representative Gerry Connolly, D-Va. […]

The Consumer Financial Protection Bureau (CFPB) did not fully assess and authorize all of its cloud systems and did not effectively communicate with the FedRAMP program management office, leaving its cloud security at risk, according to an inspector general report published July 17. […]

Democratic and Republican leaders of the House Subcommittee on Government Reform today previewed their bipartisan effort to create legislation that would codify into law the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government, and make the FedRAMP program operate more efficiently. […]

The House Government Operations Subcommittee’s hearing on the role of FedRAMP in IT modernization is scheduled to begin at 11 a.m., on Wednesday, July 17. […]

Matt Goodrich, a senior advisor at the General Services Administration’s Technology Transformation organization and former director of the FedRAMP (Federal Risk and Authorization Management Program) program, announced in a tweet today that he will depart Federal service on July 26. […]

Several high-ranking Federal agency tech leaders are set to testify before the House Government Operations Subcommittee on July 17 when it holds a hearing to consider the effectiveness of the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government. […]

With vendors in various stages of approval for companies in the Federal Risk Assessment and Management Program (FedRAMP) program, getting a cloud offering approved and at the right level can be confusing, but new guidance from the FedRAMP program management office (PMO) aims to fix that. […]

ACT-IAC announced it is seeking government and industry experts to volunteer for a work group to exchange information on cloud security authorizations to operate (ATOs). ACT-IAC is establishing the group to help the General Services Administration’s Technology Transformation Services (TTS) organization and FedRAMP learn more about industry’s approach to security and cloud authorizations. The group […]

Agencies continue to move their data to the cloud, but increasing adoption of cloud applications outside of existing security programs like FedRAMP (the Federal Risk and Authorization Management Program) and the CIO’s office brings security concerns as well, a new report notes. […]

The FedRAMP program has provided more authorizations to software-as-a-service (SaaS) applications and reduced the time to authorization in the last three years of the program, according to an analysis of the program. […]

The House Appropriations Committee is putting pressure on the General Services Administration (GSA) to get agencies migrated over to the Enterprise Infrastructure Solutions (EIS) Contract, including a provision to push agencies to adopt the contract, as well as other IT oversight items for GSA. […]

The General Services Administration (GSA) faces a number of challenges for FY2019, including improving procurement metrics reporting through the Federal Acquisition Service (FAS), and in the area of agency cybersecurity, according to the GSA Office of Inspector General (OIG) semiannual report to Congress issued today. […]

A new report from ACT-IAC (American Council for Technology-Industry Advisory Council) finds that zero-trust technologies are available and lend themselves to incremental installation, but need support from the mission side of the agency for effective implementation. […]

Since FedRAMP introduced the Tailored baseline for Low-Impact Software-as-a-Service (Li-SaaS) in 2017, 11 cloud services at 10 Federal agencies – accounting for 25 percent of all services authorized in 2018 – have achieved Tailored authorizations which has allowed the project management office (PMO) to identify best practices for Cloud Service Providers (CSP) and agencies who may consider a FedRAMP Tailored authorization. […]

FedRAMP (the Federal Risk and Authorization Management Program) is looking to automation and reciprocity with industry standards in different sectors as it focuses on improvements in 2019, said Ashley Mahan, director of the FedRAMP Project Management Office (PMO), at FCW’s Cloud Summit today. […]

One of the major wrinkles to iron out in the Federal government’s move to the cloud has been security. Concerns regarding security have prompted some agencies to move cautiously, and the government to create whole programs dedicated to ensuring it. But cloud also provides some security advantages, which the Department of Defense (DoD) is taking advantage of to provide services to warfighters and small-business contractors. […]

A recent audit by the General Services Administration’s (GSA) Office of Inspector General found that GSA’s Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) has not yet established an adequate structure to assist the Federal government with adoption of secure cloud services. […]

The Department of Homeland Security (DHS) released a request for information (RFI) on Tuesday asking for support in moving systems to the cloud, optimizing its remaining enterprise data center, and gathering comment on the department’s plan. The deadline to respond is March 20. […]

The General Services Administration (GSA) rescheduled its planned outreach to industry in looking for an automated solution that can help agencies conduct audits of Federal grant recipients. The new date for the virtual pre-demonstration conference is March 4, and industry demonstration days will be held on April 3 and April 5. […]