GSA has announced it is working on improvements to the FedRAMP cloud authorization program based on user feedback.
FedRAMP, or the Federal Risk and Authorization Management Program, provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
GSA said it was working to speed up authorization, increase transparency, pilot a higher security baseline, and promote FedRAMP reuse (GSA said it just hired Ashley Mahan to help match CSPs to agency needs).
Based on outreach to cloud service providers, third-party assessors, industry consortiums, agencies and others, GSA said it would be seeking to address changes to an authorization process that at its fastest can take a whopping six months. Changes may include a stronger focus on capabilities and evidence up front, rather than documentation throughout.
GSA is also seeking to add a dashboard to FedRAMP.gov to make more information searchable and downloadable and make it easier to find on which agencies are using FedRAMP, which CSPs are authorized (and which are seeking authorization), and which services are available to agencies.