This past Monday, we held our first Agency Roundtable at GSA headquarters. As FedRAMP’s Agency Evangelist, I take pride in bringing awareness and understanding to federal agencies about how FedRAMP can help their journey to the cloud. We brought over 34 agencies together, from those agencies seeking an introduction to FedRAMP to those agencies who are well-seasoned veterans in the FedRAMP process. Our aim was to make agency connections to create long-lasting relationships in sharing cloud security and implementation strategies, and I’d say we’re on our way!
We began the roundtable by updating the group on the latest FedRAMP news to include the release of the High Baseline, Readiness Assessment Report (RAR) and the FedRAMP Marketplace. Besides these major accomplishments, I’m really proud of the work all of the agencies have been doing recently. We have received an additional 30 authorizations (ATOs) from Agencies in the last 90 days, that’s a huge number in terms of authorization re-use in a short period of time!
There was a significant segment of the roundtable dedicated to explaining how to issue an initial or re-used authorization. We were excited to have Mary Lou Tilltotson, IT Policy lead with the National Science Foundation (NSF), share her experience issuing an initial authorization. Mary Lou vividly explained how NSF was able to issue an agency authorization for Accenture Federal Cloud in four months. The entire audience was captivated, jotting down lessons learned. Her recipe for success is comprised of a lot of hard work, working closely with the FedRAMP PMO, and the following five steps:
Engage all stakeholders in the beginning
Ensure management buy-in and support
Develop a plan and detailed schedule
Identify skilled resources and roles
Conduct quality reviews of documentation before submitting to FedRAMP
Following the FedRAMP authorization process discussion, the DHS Trusted Internet Connection (TIC) PMO provided an interactive Q&A with the audience, led by Mark Bunn and Sean Connelly.
The second half of the programming was focused on Agencies collaborating with one another. Three areas of focus were: Continuous Monitoring, FedRAMP Authorization Process, and Cloud Governance, Strategy, and Policy. There was a lot of great discussion and idea generation about how FedRAMP and agencies can work together to create a better understanding of all of these areas of security authorizations as well as take steps toward making these areas more efficient and effective for everyone.
I look forward to our next roundtable and seeing what comes from the relationships built during these meetings. A big thank you to everyone who came out to. If you’d like to attend the next agency roundtable or have questions about the agency authorization process, email me at firstname.lastname@example.org!