The Situation Report: Separating the FedRAMP Signal From the Noise

A pile of fake money representing the $150,000 spent on the FedRAMP dashboard was presented as an example of agency spending waste. (Photo: MeriTalk)

My mobile listening post parked outside the Newseum in downtown Washington, D.C., picked up some crystal clear signals Tuesday that the storm has not yet passed for some big programs run by the General Services Administration.

During a joint forum hosted by GSA and MeriTalk, GSA’s chief information officer, David Shive, responded honestly and without hesitation to some tough questions on a number of fronts, including the Federal Risk and Authorization Management Program’s (FedRAMP) spending of $150,000 in taxpayer money to duplicate an online dashboard capability that had already been developed in the private sector and made available to the government for free.

Questions were also raised about financial management problems at GSA’s internal tech consulting organization, 18F. Sources tell The Situation Report that the IG wants to know why the agency’s digital services consultants can’t explain how they used about $200,000 worth of seed funding.

“I invite those comments. I invite this dialogue,” said Shive. “Without this conversation we can’t get better.”

Matt Goodrich, the director of the FedRAMP Program Management Office, on Wednesday chose to characterize the legitimate questioning of FedRAMP reform efforts to date as “noise” and “antics.”


The Situation Report, however, has picked up strong indicators that what Goodrich wants taxpayers to view as noise and antics will actually be documented in early October in a major GSA inspector general report covering a wide range of business, financial management, and technology issues. Interestingly, SitRep sources reported the presence of four members of the GSA inspector general’s office in the audience Tuesday.

It will be interesting to see how the October IG report influences potential actions on Capitol Hill to ensure the FedRAMP authorization process lives up to its original intent—certify once, use many.

“This process has now become an extra layer and burden for industry,” said Rep. Gerry Connolly, D-Va. “[Congress] will absolutely insist that it be a one-step process, not a two-step. Either JAB [Joint Authorization Board] certifies and that’s good enough for everybody, or you go to a system where you’ve got to go to each individual agency, and I predict Congress will go for the former.”

OverHURD on the Hill

My remote sensors on Capitol Hill have discovered more movement on the IT modernization front by Rep. Will Hurd, R-Texas. The chairman of the House IT Subcommittee has drafted and is prepared to drop a new bill that will combine aspects of his MOVE IT legislation (which calls for working capital funds at the 24 CFO Act agencies) with the IT Modernization Act proposed by Rep. Steny Hoyer, D-Md., which would establish a mega fund at GSA (including an investment review board) into a comprehensive IT modernization package.

One of my agents reports that the new bill will be called the Modernizing Government Technology Act or MGT. But Hurd originally wanted to call it MOVE IT 2.0. Apparently, Congress doesn’t allow software-esque version designations on proposed tech bills.

Sources tell The SitRep that the House Oversight and Government Reform Committee plans to mark up the bill Thursday, and that the bill is expected to be considered by the full House of Representatives on Sept. 19.

Sources close to the process on the Hill said the bill could be “hotlined” and considered by unanimous consent by the Senate prior to the upcoming recess.
