Industry: Include Agencies’ Approval of Cloud Service Providers in FISMA Metrics

The General Services Administration largely agrees with industry-endorsed recommendations for improving the Federal Risk and Authorization Management Program meant to hasten the government’s use of cloud service providers, according to a GSA official who noted efforts to introduce transparency into how long agencies are taking to approve submissions.


“We’re substantially in agreement with the report,” said Anil Cheriyan, deputy commissioner of GSA’s federal acquisition service and director of technology transformation services. “We’ll also be working on managing the timeline, end to end.”


Cheriyan spoke Friday at an event hosted by the Center for Cybersecurity Law and Policy, where the group released a number of recommendations in a report derived from conversations with current and former government officials as well as cloud service providers involved with FedRAMP, the process that looks to ensure their offerings include appropriate cybersecurity controls.


FedRAMP administrators have come under pressure from multiple directions as industry bemoans a lengthy, overly manual and subjective review process that the Government Accountability Office reported many agencies sidestep entirely.  


Legislation to codify FedRAMP passed the House Feb. 6 with $100 million included to add more automation to the reviews.


“Establish and report [Authority To Operate]-related metrics via annual [Federal Information Security Management Act] reporting to provide accountability,” was a key recommendation of the paper released today.


Cheriyan defended the “core” approval process within GSA, saying that had actually improved, but he said more needed to be done to ..
