Editor’s Note: This blog was originally on the www.fedramp.gov.
TO OUR PARTNERS:
Over the past six months we’ve spent the bulk of our time on the road meeting with you — in person, on the phone, and digitally — listening to what’s on your mind. We wanted feedback on how you engage with FedRAMP now, how you would like to engage with FedRAMP in the future, and any improvements we could make to the program so that your experience was better. We haven’t only been listening — we are also taking action based on what we heard, and are evolving FedRAMP behind the scenes. Now we’re ready to show you what we’ve done and ask for your help so that we can turn our work into reality.
Before we share what we heard and what we’re doing to evolve, let’s talk about what’s happened over the last six months:
- We’ve had a 340 percent increase in FedRAMP training enrollees: from 500 to 1700 enrollees.
- There has been a 50 percent increase in FedRAMP authorizations: from 40 to 60 authorizations.
- We’ve engaged with over 80 groups of stakeholders including CSPs, 3PAOs, and Agencies in an effort to better understand your customer journeys with FedRAMP.
- We’ve undergone a redesign with the Joint Authorization Board (JAB) — this effort’s goal is to make provisional authorizations happen in under 6 months.
- We began and are in the last stages of finalizing a high impact baseline, and are piloting the process with multiple vendors at the high impact baseline.
We’re really proud of all we’ve achieved over the last six months — and we can’t wait to capitalize on this and keep delivering more for all of you.
The Last Six Months – We Talked With You
We’ve been talking with a lot of you over the past few months — and this effort is not a one time thing — it will be an ongoing and deliberate process to hear how you are interacting with us and will allow us to keep a pulse on how we’re doing. Your candid feedback has allowed us to analyze how FedRAMP works — what we do, how we do it and how you consume it. We talked with you about a lot of topics, but most of you wanted to talk about two things:
- Provisionally authorizing CSPs for governmentwide use through the JAB.
- Facilitating how agencies use and authorize cloud services.
When we heard this repeatedly, we got to work and went into overdrive. We want these core services to be as effective and efficient as possible — and to make sure we meet all of your expectations.
The Last Six Months – Some Opportunities to Improve
We heard plenty of positive comments from many of you. What’s more important, however, is that when we heard your expectations and what’s most important to you, we heard some hard truths:
- The JAB provisional authorizations should be faster.
- You want more FedRAMP compliant CSPs.
- You want to understand how agencies, CSPs, and 3PAOs are engaging with FedRAMP via FedRAMP.gov.
This made us take a hard look at ourselves and what we were trying to achieve. We looked at our initial FedRAMP Forward plan. In reviewing it, we came to the conclusion it was overly aggressive — we were trying to boil the ocean. We’ve taken this feedback and worked with OMB to re-direct our efforts to the fewest, most important things that we heard you want. In that vein, we’re focusing on two key initiatives that will have immediate results based on what you want:
- Revising the JAB provisional authorization process to happen in under six months which will in turn allow the number of authorizations to scale.
- Create a public dashboard on FedRAMP.gov to detail agency use, CSP authorizations, and where CSPs are in the authorization process.
And the good news is, we’ve already started on these initiatives. We’ve been hard at work the last few months beginning our efforts to make this a reality.
The Next Six Months – How We Move Forward Together
We are going to begin hosting a series of events over the coming months to roll out our redesigned process and vet some of the key elements with you. Please mark your calendars for March 28th — our first event will take place on that day here at GSA’s Headquarters at 1800 F Street in Washington DC. Registration and details will be coming out next week on March 17th via www.FedRAMP.gov.
These events will signify a turning point in our “listening tour” by moving into “action mode.” In order to make sure we get everyone’s feedback — CSP’s, 3PAOs, and Government — we’ll be collaborating with ACT-IAC on these events and working closely with their Cloud Community of Interest. We’re excited to partner with a group that has a long track record of getting the brightest minds in industry and government to work together to find solutions that work for both government and industry through true collaboration.
Thank you for sharing your experiences with us — good and bad. We need your continued engagement now more than ever as we evolve FedRAMP to further achieve its mission, serve you, and be the premier cyber program for the US Government. There will be lots to discuss and work through in the coming months, and we can’t wait to get out there, roll up our sleeves, and work together!
Matt Goodrich, JD
US General Services Administration