Initial Readiness Assessment Report Feedback
On March 28, 2016, the FedRAMP Program Management Office (PMO) posted a draft of the FedRAMP Readiness Assessment Report and FedRAMP Readiness Assessment Guidance for CSPs and 3PAOs for public comment and have heard from many of you. ** ** The goal of the FedRAMP Readiness Assessment Report is to allow vendors to demonstrate their capabilities faster through an assessment by a Third Party Assessment Organization (3PAO) than through documentation reviews by the FedRAMP PMO. This will in turn enable Cloud Service Providers (CSPs) and Agencies to achieve FedRAMP authorizations faster without negatively impacting risk and quality of security packages.
New Compliant CSPs!
The FedRAMP PMO is excited to announce that GovDelivery has earned a JAB Provisional Authorization and Acquia Inc. is now FedRAMP Compliant with an Agency Authorization !
|[GovDelivery](https://www.fedramp.gov/marketplace/compliant-systems/govdelivery-govdelivery-communications-cloud/) was issued a JAB Provisional Authorization on March 4, 2016 for their Communications Cloud. GovDelivery offers leading solutions for managing government communications, internal and external learning, and open data. The GovDelivery Network offers a unique and impactful way for public sector organizations to work together to cross promote content and increase digital reach. Organizations using GovDelivery see higher utilization of citizen services and greater citizen engagement.|
|[Acquia](https://www.fedramp.gov/marketplace/compliant-systems/acquia-acquia-cloud/) is now FedRAMP Compliant with an Agency Authorization from the Department of the Treasury. The ACE platform as a service (PaaS) provides Drupal optimized cloud-based web hosting complemented by a collection of network of tools and services hosted within AWS. ACE supports sites that need dedicated resources and high levels of customization, and Acquia Cloud Site Factory for organizations with a requirement to deliver many similar Drupal based websites at scale.|
FedRAMP now has 65 FedRAMP Compliant CSP systems! A complete list can be viewed here
Sunsetting CSP-Supplied with a Revamped FedRAMP Ready
On March 28th, the FedRAMP PMO announced that the CSP-Supplied option will evolve as part of an effort to focus on agency and JAB provisional authorizations. After numerous interviews with CSPs, agencies, and 3PAOs, we concluded that CSP-Supplied had the lowest demand and was too risky, costly, and resource intensive for both industry and the FedRAMP PMO.
Project Hosts: A Small CSP Who Likes FedRAMP
Project Hosts is a small business cloud service provider (CSP) that submitted its FedRAMP paperwork in** April, 2014 and achieved FedRAMP SaaS compliance in January, 2015.
I like FedRAMP.
Don’t get me wrong. The demanding standards, policies and processes required by FedRAMP are painful to implement. But it’s worth it.
It’s been a great month working with multiple Agencies, CSPs, 3PAOs and the public as part of both the Agency Roadshow and #WheresAshley campaigns. In one day alone this month, I met with six CSPs working with Agencies and two Agency partners!
This month, I traveled to Austin, Texas, in collaboration with the Presidential Innovation Fellows (PIF) to participate in the Apps.gov launch at SXSW. Apps.gov is a PIF initative to provide Agencies and one-stop shop to explore, compare and quickly evaluate SaaS proviers. Check it out: Apps.gov
FedRAMP in the News: