FedRAMP (Federal Risk and Authorization Management Program) is led by GSA and is a soon-to-be mandatory government wide program that standardizes the government’s approach to authorizing cloud services for use by federal agencies and monitoring those services to ensure that they continue to meet federal cybersecurity requirements.Once a service goes through the initial FedRAMP authorization process, it will get a stamp of approval that all agencies can use to sign off on the service’s ability to meet federal security requirements.
FedRAMP is still in pre-launch stage. The launch of its initial operational capabilities is scheduled for June 2012, and the focus will be on infrastructure as a service and e-mail as service. Full operational capabilities are scheduled for the second quarter of fiscal 2013. At this stage, FedRamp will include more diverse products and services. By 2014 the government will move to full implementation with on-demand scalability and all federal agencies will be required to use the FedRAMP process for assessments.
The FedRAMP process will greatly increase efficiency across IT departments in the federal government. The “approved for one, approved for all” model will prevent agencies from having to spend money, time, and other resources on approving every single IT application which may have already been approved elsewhere. We have seen system certification and authorization reciprocity within the DoD for some time now. It is only fitting that we see this type of collaboration spread throughout the entire federal government. In this era of shrinking budgets FedRAMP hits the nail on the head in two areas; cutting costs in the approval process and getting agencies to focus on the cloud!