Home / News / GSA Issues FedRAMP Directions

GSA Issues FedRAMP Directions

Photo: GSA.gov

The General Services Administration released its step-by-step instruction guide on following FedRAMP procedures Tuesday.

The 47-page concept of operations outlines how agencies and contractors should proceed in certifying services so a service from one contractor could be used in multiple agencies.

GSA says products including infrastructure-as-a-service tools will be the first to go through the FedRAMP process.

Independent auditors that undergo an application process to be government-approved will evaluate products’ compliance.

Cloud providers that successfully go through the authorization process will be listed on the FedRAMP website.

After passing the audit phase, officials from the Department of Homeland Security and FedRAMP will evaluate and continue to re-evaluate services deployed in agencies.

Service providers may re-submit a product or service to the auditors for reconsideration and a panel of security experts will reassess whether the product will be used or not.

GSA’s guide designates the DHS as the lead body in coordinating recovery efforts in the event of a breach on the agency side.

DHS will also “assist government-wide and agency-specific efforts to provide adequate, risk-based and cost-effective cybersecurity” and develop guidance to implement trusted services and cybersecurity.

Check Also

Merit Systems Protection Board Seeks Increase From President’s Budget Request

The Merit Systems Protection Board filed a bypass request with Congress seeking $46.8M in funds for 2020, reflecting a $4.6M increase from the president’s proposed budget. MSPB said in its congressional budget justification the president’s budget request of $42.3M represents a 10 percent cut to the board’s current funding level and would result in a workforce reduction if enacted.

Leave a Reply

Your email address will not be published. Required fields are marked *