How FedRAMP Supports Agencies
The FedRAMP team works with Agencies in a number of ways at various stages of the authorization process, as well as during continuous monitoring (post-ATO), to ensure they have the information they need to make the appropriate risk-based decisions for their organizations.
Here are a few of the ways that the FedRAMP team works with Agencies:
Awareness of the FedRAMP Process: We regularly meet with Agencies as well as Cloud Service Providers (CSPs) and Third Party Assessment Organizations (3PAOs) to ensure that everyone involved in the FedRAMP Authorization process understands what is involved: the resource commitment, the anticipated timelines, and the roles and responsibilities necessary to achieve an authorization. We often help facilitate kickoffs with Agencies and their chosen CSP to make sure their authorization process is set up for success.
Cloud Transition Support: Many Agencies are facing the challenge of transitioning their legacy IT systems to the cloud. We know that this process requires a lot of strategic planning and coordination, so we often provide guidance to Agencies as they make the move to the cloud, along with an overview of the cloud capabilities on our marketplace that are currently FedRAMP Ready, In-Process, or Authorized.
Inter-Agency Collaboration: We know that our Agency partners have a lot of knowledge to share about their experiences in moving to the cloud and the FedRAMP process. Because of this, we regularly convene Agency representatives at Agency Day events so they can collaborate and share their best practices and lessons learned. Additionally, we meet with multiple Agencies every day, and based on their unique challenges in moving to the cloud, we pair them up with other Agencies who were able to successfully overcome similar situations. We are all about connecting the dots with our Federal partners, and not recreating the wheel.
Cloud Acquisition Language: When Agencies are drafting RFIs, RFPs, and RFQs, they often have questions about what cybersecurity and FedRAMP language they should include in their solicitation. We gladly work with their contracting officers and mission owners to help them understand FedRAMP, and provide guidance and examples for how Agencies can tailor acquisition language so that it meets the Agency’s and FedRAMP’s security requirements.
Internal Agency Cloud Governance: Many Agencies are formally establishing cloud governance boards and are developing internal policies and procedures related to cloud and authorizations. We frequently consult with Agencies on how best to develop these policies and procedures, keeping FedRAMP in mind, so Agencies are confident in the security of their cloud services.
If you are an Agency representative looking for support in any of these areas, don’t hesitate to reach out to us at firstname.lastname@example.org.