The Federal Risk and Authorization Management Program (FedRAMP) was established in 2011 to help facilitate the US government’s digital transformation by authorizing companies to sell cloud services across government agencies. Thanks to a bipartisan effort led by longtime champion Rep. Gerald Connolly, Congress took an important step toward realizing the vision of the program when it authorized FedRAMP as part of the FY 2023 National Defense Authorization Act. Now is the time to take advantage of this opportunity to make the program more effective. BSA | The Software Alliance and our members are working to help in this effort.
Here’s a look at what’s now needed to ensure the program is implemented effectively, and what BSA and our members are doing to help realize that goal.
What is FedRAMP?
FedRAMP was designed to:
- Accelerate the adoption of secure cloud solutions through the reuse of assessments and authorizations;
- Establish baselines for cloud product approval;
- Ensure consistent application of security practices and improve monitoring; and
- Allow for the reuse of an authorization by FedRAMP or an agency to ease the burden on agencies and better enable the procurement of cloud services.
In reality, despite some progress, FedRAMP has struggled to meet its objectives…
Due to the growing number of certifications submitted for approval, the increase in available security solutions, and inadequate resourcing, FedRAMP has not yet improved the procurement of cloud services or the modernization of the government’s IT to the level that its creators sought and from which Americans would greatly benefit.
Why is the authorization of FedRAMP important?
Everyone agrees that funding for modernizing government IT should be spent as effectively as possible. This effort would be greatly improved by fully embracing a standardized approach to assessing the security of cloud products and services. Thanks to this new law, once a cloud service or tool is FedRAMP authorized it is approved for use across all federal agencies. The law establishes that these approvals will be presumed acceptable throughout the government and new authorizations are not needed to reuse the product.
Now, the FedRAMP program has an opportunity to be more fully adopted and run more efficiently. If Congress plays a continued role to support this effort and gives appropriate funding for the implementation of FedRAMP, the program will be able to harness resources that can help deliver timely and secure cloud technology to government agencies. BSA’s recommendations are focused on helping achieve this goal.
How can FedRAMP’s process be improved to approve more cloud products?
- Fund the FedRAMP Office: One bottleneck that slows agencies’ digital transformation is the process for companies becoming FedRAMP certified. Congress should appropriate funds such that FedRAMP’s Joint Advisory Board can ensure that companies that want to sell to the US Government, and which have invested in the security necessary to meet FedRAMP’s requirements, can obtain timely and cost-effective authorizations. Estimates by the Congressional Budget Office and authors of legislation behind the FedRAMP program suggest that allocating between $20-50 million over the next five years would help to realize the intended goals of the program and provide added value for agencies and citizens alike.
- Increase the Reuse of Authorizations to Operate (ATOs): In addition to the reuse of existing authorizations, there should also be better adoption of a clear pathway to the presumption of acceptability for ATO applications. With the current limited use of ATOs, the rigor of the FedRAMP process is not being sufficiently leveraged by the federal government.
- Encourage multicloud solutions: FedRAMP should incentivize agencies to procure best-of-breed solutions, which will frequently eschew single-vendor walled gardens and instead allow agencies to mix and match interoperable solutions that excel in addressing the specific challenge an agency faces.
BSA is excited by the prospect of a properly resourced FedRAMP program that can help cloud service providers assist federal agencies with their cybersecurity concerns. BSA and its members look forward to the program functioning more efficiently to accelerate secure adoption of cloud-based services by federal agencies and to ensure increased cybersecurity across the federal government.