Tag Archives: Federal Risk and Authorization Management Program

FedRAMP, NIST Release 1st Version of Open Security Controls Assessment Language

OSCAL Version 1.0.0

The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster

Read More »

Dave Zvenyach: GSA Plans to Invest in FedRAMP Process Automation

Dave Zvenyac

Dave Zvenyach, director of the General Services Administration's (GSA) Technology Transformation Services (TTS) organization, said the agency is looking to modernize Federal Risk and Authorization Management Program (FedRAMP) processes with automation technology. Zvenyach noted that FedRAMP, which set a standardized assessment and certification approach for cloud offerings, generates nonlinear costs as the agency onboards more providers into the program.

Read More »

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

OCONUS Cloud Strategy

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

Read More »

FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

AWS Secret Region IL-6

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments. The Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting. 

Read More »

StateRAMP to Open Membership Registration for Cloud Security Vetting Initiative in April

Cloud Computing

Not-for-profit-organization StateRAMP will begin membership registrations for its program aimed at helping vendors and agencies comply with cloud security standards (CSP) next month, GCN reported Tuesday. CSPs must undergo a readiness assessment to validate security controls and determine their potential to pass full FedRAMP assessments within a two to four-week period.

Read More »

GSA’s Dave Zvenyach on Digital Services Unit’s Role in Assisted Acquisition, Government Service Transformation

Dave Zvenyach

Dave Zvenyach, director of the General Services Administration’s (GSA) Technology Transformation Services (TTS) unit, has said that TTS has been making progress in its programs and execution of assisted acquisition authorities. TTS and the 18F digital services unit are partnering for assisted acquisition efforts to support agencies like the Department of Health and Human Services’ (HHS) Administration for Children and Families.

Read More »

GSA Launches Updated FedRAMP Website; Ashley Mahan Quoted

Ashley Mahan

The General Services Administration (GSA) has redesigned the website for the Federal Risk and Authorization Management Program (FedRAMP) in a move to promote the use of cloud technologies to streamline online operations. GSA said Tuesday that the updated FedRAMP website is aimed at providing easy access to information on authorization procedures while simplifying the online experience through search and filter functions.

Read More »

GSA’s Katy Kale, Sonny Hashmi on Current Admin’s Priorities, FedRAMP, CMMC Programs

Katy Kale

Katy Kale, acting administrator of the General Services Administration and 2021 Wash100 Award recipient, and Sonny Hashmi, commissioner of GSA’s Federal Acquisition Service and fellow 2021 Wash100 Award winner, talked about the current administration’s four priorities and the future of ongoing programs. “And, as it turns out, FAS has an incredibly integral role to play in all four of them,” Hashmi said. 

Read More »

DOD Assessment Work on CMMC Reciprocity Continues; Stacy Bostjanick Quoted

NSA-CISA-FBI-UK NCSC

The Department of Defense (DOD) is still assessing how to open up the Cybersecurity Maturity Model Certification (CMMC) initiative for reciprocity with the Federal Risk and Authorization Management Program (FedRAMP) and other certification programs as part of a push to help contractors save money as they comply with the new cyber standard. 

Read More »

House OKs Bill to Codify FedRAMP, Create Federal Cloud Advisory Panel

OCONUS Cloud Strategy

The House has passed a bipartisan bill by voice vote that seeks to codify the Federal Risk and Authorization Management Program (FedRAMP) and establish an advisory panel that would coordinate procurement and cybersecurity efforts under the governmentwide cloud computing initiative. GSA found that the number of agencies reusing certified platforms under the program rose 50 percent during fiscal 2020.

Read More »