The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap.
"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.
Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, say General Services Administration officials during a Dec. 16 press briefing.
The guidance essentially codifies certain actions that have already occurred. For example, in August, Amazon Web Services became the first authorized commercial cloud provider to host sensitive unclassified data for DoD.
Complex, non-standardized cloud computing service level agreements make comparing cloud offerings during procurement and ensuring proper execution once work is underway difficult for federal agencies and departments, said a Homeland Security Department Official.
Two years after the Defense Department released a strategy to implement cloud computing, several elements have still not been completed that could potentially result in lost cost savings, decreased effectiveness and lower security – findings that the department disagreed with, a Dec. 4 audit revealed.
Cloud computing technology is ready for the enterprise, but most agencies are not prepared at a policy level to most efficiently implement it, according to a whitepaper published Oct. 10 by the MITRE Corporation and the Advanced Technology Academic Research Center
A memo to be released next month will allow the military services to handle their own acquisition of cloud computing technology rather than requiring them to work through the Defense Information Systems Agency.
Seven federal agencies have collectively ramped up the number of cloud services and investments in such efforts since 2012, but congressional investigators said the agencies are still only investing a tiny fraction of their IT budgets on such initiatives
An internal investigation found that the U.S. Postal Service's cloud computing contracts did not comply with all of the agency's standards.