FedRAMP’s Getting Busy in June - Get Involved!
June is a busy month for the FedRAMP Program! We’ve got a variety of exciting program developments and events on the horizon that we wanted to update you on.
New FedRAMP Training Platform and 300-Level Course: We’re excited to announce the upcoming launch of our new FedRAMP Training Platform, which will provide a cohesive view of the FedRAMP curriculum and provide a quality user experience. This platform has our most recent training additions, including 100-A, 300-A, and 300-G. Third Party Assessment Organizations (3PAOs) are required to take 300-A and 300-G within 60 days of the training launch. Additionally, we’ve migrated our existing 200-level trainings over to the new platform, but plan to update these trainings over the next year. To learn about our training curriculum, visit our training webpage.
3PAO Requirements Release: Following the 3PAO Workshop in April, we received feedback on the draft R311 requirements. We’re currently in the process of reviewing the feedback, and will release the finalized R311 requirements sometime in the coming weeks.
Authorization Boundary Guidance and Feedback: In May, FedRAMP released guidance on authorization boundaries to educate Cloud Service Providers (CSPs), Agencies, and 3PAOs and inform their creation and review of these boundaries. This is in service of making it easier for CSPs to scope the authorization boundary of their cloud service offerings (CSOs) from a FISMA perspective, which is an integral component of any FedRAMP System Security Plan. This guidance was developed in coordination with NIST, OMB, the Joint Authorization Board (JAB), and trusted industry partners. You can read more about this guidance in our recent blog post and provide feedback on the guidance to firstname.lastname@example.org through June 8th.
Readiness Assessment Report (RAR) Template Update and Webinar: FedRAMP will be releasing an updated RAR template to align with the Authorization Boundary Guidance document that was released in May. Specifically, the updated RAR template will provide guidance on describing and assessing risk associated with system interconnections, Application Programming Interfaces (APIs), and external services that are outside of the authorization boundary. The FedRAMP PMO will also be hosting a webinar on the RAR template update this summer that will include time for Q&A.
FedRAMP Five Awards Announcement: In celebration of FedRAMP’s sixth birthday, we’re launching our first awards program, FedRAMP Five. FedRAMP Five recognizes Federal Agencies, both small and large, and Agency leaders that have demonstrated exceptional leadership through excellent responsiveness and communication. We’ll announce the winners on Wednesday, June 13th at the ATARC Federal Cloud & Data Center Summit.
FedRAMP Connect: The next round of FedRAMP Connect, where we prioritize CSPs to work with the JAB toward a Provisional Authority to Operate (P-ATO) will begin next week. To help prepare CSPs for the prioritizaton process, we will be releasing updated guidance on how to submit a business case to the PMO and will hold a short webinar and Q&A session later this month. As always, the number one criteria for JAB prioritization is current and potential demand from the Federal Government. The PMO will also be available for one-on-one coaching calls with CSPs to help qualify their demand and answer questions about their business cases.
We look forward to your involvement and feedback as we continue to develop and further the FedRAMP Program. If you have any questions or upgrades, please don’t hesitate to reach out to email@example.com.