FedRAMP announced that it has kicked off a new initiative – the Agency Liaison Program – that the FedRAMP Project Management Office (PMO) said is “designed to transform the way FedRAMP informs and collaborates with Federal agencies,” and “help agencies and industry be more efficient in their cloud adoption efforts.” […]

The National Institute of Standards and Technology (NIST) released Open Security Controls Assessment Language (OSCAL) 1.0.0 Milestone 3, a key step toward finalizing the full initial release of OSCAL v1. […]

Katie Arrington, Cybersecurity Maturity Model Certification (CMMC) lead and CISO for acquisition at the Department of Defense’s (DoD) Undersecretary of Defense, confirmed that the CMMC and FedRAMP (Federal Risk and Authorization Management Program) offices are working on a way to grant reciprocity between the two certifications. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is advising the Federal workforce to use the “Zoom for Government” platform for teleconferencing instead of the company’s free service. […]

Fresh off notching an A+ grade on the latest FITARA Scorecard, the Department of Education knows it has a handle on good IT, and agency CISO Steven Hernandez said today he credits a measure of that success to an important mindset change on data. […]

A senior General Services Administration (GSA) official said today the agency is supportive of the primary aims of a new report recommending steps to modernize the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. […]

The Federal Risk and Authorization Management Program (FedRAMP) and the National Institute of Standards and Technology (NIST) released the Open Security Controls Assessment Language (OSCAL) Milestone 2 for public comment. […]

The Federal Risk and Authorization Management Program (FedRAMP) saw a spike in authorizations from 2017 to 2019, but the program is still not used in all cloud acquisitions and agencies have gaps in implementing controls, according to a report from the Government Accountability Office (GAO) released December 12. […]

The General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) will focus on administering simplicity, automation, marketplace growth, and learning opportunities in Fiscal Year 2020, according to Director Ashley Mahan. […]

The Securities and Exchange Commission (SEC) has taken an ad-hoc approach to cloud adoption instead of following its cloud strategy, and did not fully implement security measures, according to a report from the SEC’s inspector general released November 7. […]

The General Services Administration is taking its FedRAMP Program to cloud service providers, start-ups, and entrepreneurs in San Francisco on Sept. 25 to showcase opportunities to work with the program that speeds the authorization process to provide products and services in the Federal government’s $90 billion per year IT market. […]

A project under development at the National Institute of Standards and Technology (NIST) is aiming to fully automate FedRAMP (Federal Risk and Authorization Management Program) and enable interoperable automation for cloud service providers (CSPs). […]

The Defense Information Systems Agency (DISA) issued an Aug. 15 provisional authorization that would enable Defense Department (DoD) components and mission partners to streamline cloud authorizations. […]

Federal officials spoke about the future role of the cloud in mobile device management (MDM) and security at the ATARC Federal Mobile Technology Summit today. […]

FITARA, FedRAMP, and 21st Century IDEA are all shaping Federal IT modernization efforts, explained Rich Beutel and Mike Hettinger at ServiceNow’s Knowledge 2019 Conference. […]

Leadership of the House Government Reform Subcommittee introduced legislation today that would codify into law the FedRAMP (Federal Risk Assessment and Management Program), and take a number of other actions aimed at making the program work more efficiently. […]

The Federal Risk and Authorization Management Program (FedRAMP) today announced the launch of its Ideation Challenge that aims to inform the next iteration of the program’s processes and supporting functions. […]

Federal IT is on the right path and is making progress on modernization, but Congress will continue to push agencies to modernize faster and address slowdowns in processes, including FedRAMP, said Representative Gerry Connolly, D-Va. […]

The Consumer Financial Protection Bureau (CFPB) did not fully assess and authorize all of its cloud systems and did not effectively communicate with the FedRAMP program management office, leaving its cloud security at risk, according to an inspector general report published July 17. […]

Democratic and Republican leaders of the House Subcommittee on Government Reform today previewed their bipartisan effort to create legislation that would codify into law the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government, and make the FedRAMP program operate more efficiently. […]

The House Government Operations Subcommittee’s hearing on the role of FedRAMP in IT modernization is scheduled to begin at 11 a.m., on Wednesday, July 17. […]

Matt Goodrich, a senior advisor at the General Services Administration’s Technology Transformation organization and former director of the FedRAMP (Federal Risk and Authorization Management Program) program, announced in a tweet today that he will depart Federal service on July 26. […]

Several high-ranking Federal agency tech leaders are set to testify before the House Government Operations Subcommittee on July 17 when it holds a hearing to consider the effectiveness of the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government. […]

With vendors in various stages of approval for companies in the Federal Risk Assessment and Management Program (FedRAMP) program, getting a cloud offering approved and at the right level can be confusing, but new guidance from the FedRAMP program management office (PMO) aims to fix that. […]

ACT-IAC announced it is seeking government and industry experts to volunteer for a work group to exchange information on cloud security authorizations to operate (ATOs). ACT-IAC is establishing the group to help the General Services Administration’s Technology Transformation Services (TTS) organization and FedRAMP learn more about industry’s approach to security and cloud authorizations. The group […]

Agencies continue to move their data to the cloud, but increasing adoption of cloud applications outside of existing security programs like FedRAMP (the Federal Risk and Authorization Management Program) and the CIO’s office brings security concerns as well, a new report notes. […]

The FedRAMP program has provided more authorizations to software-as-a-service (SaaS) applications and reduced the time to authorization in the last three years of the program, according to an analysis of the program. […]

The House Appropriations Committee is putting pressure on the General Services Administration (GSA) to get agencies migrated over to the Enterprise Infrastructure Solutions (EIS) Contract, including a provision to push agencies to adopt the contract, as well as other IT oversight items for GSA. […]

The General Services Administration (GSA) faces a number of challenges for FY2019, including improving procurement metrics reporting through the Federal Acquisition Service (FAS), and in the area of agency cybersecurity, according to the GSA Office of Inspector General (OIG) semiannual report to Congress issued today. […]

A new report from ACT-IAC (American Council for Technology-Industry Advisory Council) finds that zero-trust technologies are available and lend themselves to incremental installation, but need support from the mission side of the agency for effective implementation. […]