FedRAMP Goes Mobile, Benefiting Agencies and the Public

From: IBM Center for the Business of Government

By: Dan Chenok

GSA is now into its 5th year of overseeing the Federal Risk and Authorization Management Program, which GSA’s website describes as “a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” FedRAMP recently entered the mobile space for cloud solutions, which will bring great benefits to agencies and promote the use of cloud as a platform for mobile innovations.

co-authored by guest blogger Andras Szakal, Vice President and CTO, US Federal, IBM

Benefits from FedRAMP

FedRAMP has made great strides in operationalizing the federal security C&A process.  FedRAMP brings commercial best practices standardization of the process for cloud security, and does across agencies in a way that also provides consistency across the entire federal government. Agencies can recognize the C&A/certification and obtain an Authority to Operate (ATO) for a cloud solution that another agency has provided, or that has been completed based on a review by the “Joint Authorizing Board” (JAB).  This process has created significant improvements in the marketplace for cloud services in government, as detailed in a prior blog post.

The FedRAMP process is leading to more secure software production across industry.  FedRAMP (along with the European Union ISO requirements) is pushing commercial providers to integrate security compliance into end to end development, deployment and devOps practices.  For example, automated tooling helps product teams understand and develop FedRamp packages, automated processes for continuous monitoring within devOps processes promote consistency in Federal and commercial environments.

Read Complete Article


Leave a Reply

Your email address will not be published.

Please Answer: *