The General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) will focus on administering simplicity, automation, marketplace growth, and learning opportunities in Fiscal Year 2020, according to Director Ashley Mahan.
“In 2020, the big key word is simple. We want to meet [organizations] where they’re at in this authorization journey,” Mahan said on Nov. 19 at FCW Workshop: The Future of FedRAMP.
To improve simplicity, Mahan said that FedRAMP will “reimagine” its website and streamline the authorization process. Documents and guidance will become more accessible and understandable for all stakeholders, she said.
Automation became a priority for the program in tandem with recent government initiatives. In collaboration with the National Institute of Standards and Technology (NIST), GSA’s FedRAMP is developing the Open Security Controls Assessment Language (OSCAL) to support automation. OSCAL provides machine-readable representations of information to build the foundation for security assessment automation. Michaela Iorga, Senior Security Technical Lead for Cloud Computing at NIST, called OSCAL the “rosetta stone” for automation.
FedRAMP will release draft guidance on its System Security Plan using OSCAL for public comment later this year, according to Mahan.
In order to grow the number of products available on the FedRAMP marketplace, Mahan added, the program will connect with start-ups and small business communities, establish liaisons at Federal CFO Act agencies, and engage with industry and agency working groups.
Finally, Mahan said the program will create more learning opportunities for the FedRAMP community. New guidance documents and the development of customized, on-demand training sessions for stakeholders will be a focus in FY2020.
The FedRAMP team decided on these priorities following public feedback and frustrations with the program. Successes thus far, Mahan added, “would not be possible if we did not have some of those candid and difficult conversations” with stakeholders.
Mahan demonstrated those successes by sharing FedRAMP’s progress from FY2018 to FY2019. In the last fiscal year, FedRAMP authorized 45 new cloud products – a 30 percent increase over the prior year. This brought FedRAMP’s total marketplace up to 159 products. These advancements increased product reuse by 50 percent compared to FY2018 for a total of 450 new reuses in FY2019, she said.