The number of agencies reusing cloud cybersecurity products that have already received the stamp of approval from the General Services Administration’s Federal Risk and Authorization Management Program is growing fast, thanks to the pandemic and remote work requirements.
“We’ve seen cloud products this year be reused over 50% more than from last year,” Ashley Mahan, Director of FedRAMP at GSA, told “Government Matters” Sunday. “Since March, we’ve seen more or less a doubling, or roughly 3,000 reusability requests from agencies looking at these FedRAMP authorized products, and determining if they’re the right fit for their agency.”
Mahan said connecting agencies and industry has been an important part of her group’s work since before the pandemic struck. “We’ve really shifted into high gear over the past year, helping agencies work with industry to authorize these products, as well as work hand-in-hand with industry to help them navigate the authorization process.”
Although the FedRAMP program has been around since 2011, agency hesitation to reuse another agency’s work has frustrated companies who have navigated the authorization process. “We really helped [by] understanding our customers – agencies, industry – and what their perspectives are in going through this authorization process,” Mahan said. “Over the past couple of years, we’ve carved out four focus areas.”
Mahan listed those focus areas as automation; providing learning opportunities for the community; growing the FedRAMP marketplace; and simplifying the authorization process. Mahan described how her organization is working on each, with automation potentially making the biggest impact, and difference, right away.
“We’ve been working really closely with the National Institute of Standards and Technology on [an] Open Security Control Assessment Language,” Mahan told “Government Matters.” “We’re creating a standardized, machine-readable language. We can apply a lot of tooling and technology to this process. The security deliverables can be read by machines, and a lot of efficiencies from an automation standpoint can be applied.”