The Federal Risk and Authorization Management Program (FedRAMP) and the National Institute of Standards and Technology (NIST) released the Open Security Controls Assessment Language (OSCAL) Milestone 2 for public comment. […]

Capital, House of Representatives, Congress, Senate

The House Oversight and Reform Committee voted to advance the Federal Risk Authorization and Management Program (FedRAMP) Authorization Act to the full House during a work session today. […]

The General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) will focus on administering simplicity, automation, marketplace growth, and learning opportunities in Fiscal Year 2020, according to Director Ashley Mahan. […]

The General Services Administration is taking its FedRAMP Program to cloud service providers, start-ups, and entrepreneurs in San Francisco on Sept. 25 to showcase opportunities to work with the program that speeds the authorization process to provide products and services in the Federal government’s $90 billion per year IT market. […]

A project under development at the National Institute of Standards and Technology (NIST) is aiming to fully automate FedRAMP (Federal Risk and Authorization Management Program) and enable interoperable automation for cloud service providers (CSPs). […]

capitol washington dc senate house congress-min

Leadership of the House Government Reform Subcommittee introduced legislation today that would codify into law the FedRAMP (Federal Risk Assessment and Management Program), and take a number of other actions aimed at making the program work more efficiently. […]

The Federal Risk and Authorization Management Program (FedRAMP) today announced the launch of its Ideation Challenge that aims to inform the next iteration of the program’s processes and supporting functions. […]

The Consumer Financial Protection Bureau (CFPB) did not fully assess and authorize all of its cloud systems and did not effectively communicate with the FedRAMP program management office, leaving its cloud security at risk, according to an inspector general report published July 17. […]

Congress Capitol Senate House

Democratic and Republican leaders of the House Subcommittee on Government Reform today previewed their bipartisan effort to create legislation that would codify into law the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government, and make the FedRAMP program operate more efficiently. […]

Matt Goodrich, a senior advisor at the General Services Administration’s Technology Transformation organization and former director of the FedRAMP (Federal Risk and Authorization Management Program) program, announced in a tweet today that he will depart Federal service on July 26. […]

Several high-ranking Federal agency tech leaders are set to testify before the House Government Operations Subcommittee on July 17 when it holds a hearing to consider the effectiveness of the FedRAMP (Federal Risk Assessment and Management Program) program that standardizes security requirements of cloud services used by the government. […]

With vendors in various stages of approval for companies in the Federal Risk Assessment and Management Program (FedRAMP) program, getting a cloud offering approved and at the right level can be confusing, but new guidance from the FedRAMP program management office (PMO) aims to fix that. […]

Agencies continue to move their data to the cloud, but increasing adoption of cloud applications outside of existing security programs like FedRAMP (the Federal Risk and Authorization Management Program) and the CIO’s office brings security concerns as well, a new report notes. […]

The General Services Administration (GSA) faces a number of challenges for FY2019, including improving procurement metrics reporting through the Federal Acquisition Service (FAS), and in the area of agency cybersecurity, according to the GSA Office of Inspector General (OIG) semiannual report to Congress issued today. […]

Since FedRAMP introduced the Tailored baseline for Low-Impact Software-as-a-Service (Li-SaaS) in 2017, 11 cloud services at 10 Federal agencies – accounting for 25 percent of all services authorized in 2018 – have achieved Tailored authorizations which has allowed the project management office (PMO) to identify best practices for Cloud Service Providers (CSP) and agencies who may consider a FedRAMP Tailored authorization. […]

FedRAMP (the Federal Risk and Authorization Management Program) is looking to automation and reciprocity with industry standards in different sectors as it focuses on improvements in 2019, said Ashley Mahan, director of the FedRAMP Project Management Office (PMO), at FCW’s Cloud Summit today. […]

A recent audit by the General Services Administration’s (GSA) Office of Inspector General found that GSA’s Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) has not yet established an adequate structure to assist the Federal government with adoption of secure cloud services. […]

Federal Cloud Flag

If recent events are any indication, we could be seeing big changes to agency cloud migration plans in 2019. The Federal government could be rethinking its role in owning and operating its own data centers, strongly questioning whether that is a job best left to government employees. […]

Cloud security provider Zscaler announced today that it received FedRAMP (Federal Risk and Authorization Management Program) authority to operate (ATO) at the Moderate Impact Level for its Zscaler Internet Access-Government (ZIA-Government) solution–nearly coincident with the Office of Management and Budget’s release of a draft update of its Trusted Internet Connections (TIC) policy late Friday. […]

cloud computing concept -min

IT security provider Zscaler said this week it is one of four cloud service providers selected to pursue Joint Authorization Board (JAB) FedRAMP certification, at the High Impact level, through the FedRAMP Connect program. […]

cloud computing concept -min
Federal Cloud Flag

CrowdStrike announced Thursday that it received an agency FedRAMP authorization which it said will allow the company “to significantly expand its footprint in the Federal government to meet demand from Federal agencies for its endpoint protection technologies.  […]

Jay Huie

On the heels of Kelly Olson’s promotion to head the General Services Administration’s Technology and Transformation Services (TTS) organization (LINK to yesterday’s story), the agency is setting into motion a series of leadership changes impacting its FedRAMP operation, among others. […]

Zscaler announced today that its Zscaler Private Access-Government (ZPA-Government) application access platform received FedRAMP Moderate certification to sell across government. ZPA-Government, which received authority to operate by the Federal Communications Commission (FCC), is the first FedRAMP-approved zero trust remote access platform. […]

During an Aug. 8 webinar on VMware Cloud on AWS hosted by the Digital Government Institute, participants said that VMware and AWS are setting up a dedicated instance of the service called VMware Cloud on AWS GovCloud (US). This instance is intended to meet standards set by FedRAMP, the Defense Information Systems Agency (DISA), and the International Traffic in Arms Regulation (ITAR). […]

Security in the cloud is a shared responsibility between cloud service providers (CSPs) and government organizations. CSPs provide agencies with a secure platform to operate on, but it is the responsibility of agency security leaders to ensure the applications that are being hosted have been hardened, according to security experts. […]

Rep. Gerry Connolly, D-Va., said today that he introduced legislation – the Federal Risk and Authorization Management Program (FedRAMP) Reform Act – which would codify the FedRAMP program in Federal law and address what the congressman said are shortcomings of the program, including the slow pace of implementing standardized practices and realizing efficiencies in the certification process. […]

Categories