Matt Goodrich Unveils FedRAMP Authorization Baseline Cost Analysis


Matt Goodrich, director of the Federal Risk and Authorization Management Program at the General Services Administration, has said a mid-range cloud service provider would incur a total median cost of $2.25 million in order to get a FedRAMP authorization.

Goodrich wrote in a blog entry posted Thursday that a CSP would need to spend an additional $1 million on an annual basis to perform continuous monitoring operations once the FedRAMP certification is achieved.

The cost analysis is based on four CSPs that went through the old FedRAMP process for their software-as-a-service and infrastructure-as-a-service platforms, he said.

According to the analysis, the FedRAMP process’ baseline costs include documentation, evaluation by a FedRAMP-accredited third-party assessment organization, Joint Authorization Board review and engineering costs associated with the need to execute technical modifications to a cloud platform in order to meet FedRAMP requirements.

Goodrich noted that costs associated with the previous process prior to the launch of the FedRAMP Accelerated system also range between $500,000 and $4 million.

He said such large variances in costs are driven by several factors, such as the employment of external consultants to help with the documentation process, engineering costs and the length of 3PAO assessments.
