FedRAMP Is Working
It is amazing to me that the same folks that were clamoring for a centralized and universal approach to providing a cyber security standard in the cloud computing environment are the same folks that now complain that it takes too long and costs too much.
FedRAMP was designed and has delivered exactly what was requested; which is a standard baseline and process for all of government to leverage for addressing security for their cloud computing procurement. It also now works as a means to reduce redundant and exorbitant costs associated with FISMA compliance. Could it be more efficient? Sure. Could it reduce the costs that cloud service providers invest to achieve FedRAMP compliance? Possibly. However, the latter was not an initial concern of FedRAMP. The goal was to save the federal government money. In this regard, FedRAMP has been a resounding success.
Increasing efficiency for FedRAMP is not a particularly heavy lift. The FedRAMP Director is facing an increasing number of submissions and has had to make attempts to scale the approach to meet the demand. Keep in mind that one of the main concerns during the development of FedRAMP was to try to make sure that bureaucracy was minimized. In other words, avoid creating “the department of FedRAMP”. That mantra still echoes in the halls of GSA. However, with a few minor changes to the approach, the process could experience a significant increase in efficiency.
To fully realize the benefits of any increased efficiency, cloud service providers and the rest of the “Fix FedRAMP” crowd need to do their part as well. This requires more than “agitating for change”. It requires diligence, hard work, and a significantly increased attention to detail prior to submitting ATO packages to the FedRAMP PMO. These submissions are reviewed on a primarily “First-In, First-Out” (FIFO) basis. The quality of the submissions vary greatly. While some are concise, complete and accurate others are merely sophomoric attempts to comply which only serves to spend FedRAMP resources that would have been better utilized addressing submissions that were properly prepared.
The idea of FedRAMP was unique. The willingness to create, staff, and implement FedRAMP was a pretty bold move on the part of the federal government. Let’s face it; “efficiency” and “government” are seldom used in the same sentence. Yet FedRAMP has proven to be a significant step in the right direction.
if you’re interested in learning more about our Cyber Security Services you can contact Stanley Goldman by email at Stanley Goldman or 201.573.0400 Ext.14