The White House recently released its final guidance on the Federal Risk and Authorization Management Program (FedRAMP) modernization in response to evolving cloud market dynamics and the need for more versatile mission delivery by federal agencies, FedScoop reported.
The new guidance aims to overhaul the cloud security authorization program and emphasizes several strategic goals, including enhancing FedRAMP's capacity for rigorous reviews and mandating that cloud service providers (CSPs) promptly address any security architecture vulnerabilities to safeguard federal agencies from significant threats.
After the guidance is released, agencies will have 180 days to either issue or update their agency-wide policies to align with the memorandum’s requirements.
These policies must support the use of cloud computing products and services that meet the security and risk-based performance standards set by the Office of Management and Budget (OMB), GSA, and the Cybersecurity and Infrastructure Security Agency.
Furthermore, agency policies should not exclude specific FedRAMP authorization paths or sponsors, in line with the program’s presumption of authorization adequacy.
Earlier this year, GSA, in partnership with OMB, announced the establishment of a Technical Advisory Group (TAG) to provide FedRAMP with specialized expertise.
This initiative aims to enrich decision-making regarding the technical, strategic, and operational trajectory of the program.
“The TAG will empower FedRAMP to benefit from the strong technical expertise we have throughout the federal government. This group will help make FedRAMP a smarter and more technology-forward operation that better meets its goal of making it safe and easy for federal agencies to take full advantage of cloud services,” said Eric Mill, GSA’s Executive Director for Cloud Strategy in Technology Transformation Services.