The General Services Administration (GSA) released a Concept of Operations (CONOPS) for the Federal Risk and Authorization Management Program (FedRAMP) this afternoon. The CONOPS lays out the FedRAMP process, which is intended to standardize security requirements and assessment for cloud services used by federal agencies.
FedRAMP was established by a memo from Federal CIO Steven VanRoekel to agency CIOs in December and is expected to be implemented by June. GSA calls it:
“a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a ‘do once, use many times’ framework that will save cost, time, and staff required to conduct redundant agency security assessments.”