Skip to main content

March 2016 FedRAMP PMO Newsletter

FedRAMP Accelerated

Please join FedRAMP on March 28th at GSA’s Headquarters in downtown Washington DC (1800 F Street NW) for FedRAMP Accelerated. We are excited to have the GSA Administrator, Denise Turner Roth, and representatives from OMB, Microsoft, Unisys, 18F, and ACT-IAC participating in this event.

Please register here to see the full agenda.

We want to take the time to share with all of our stakeholders our redesigned authorization process with the JAB based on your feedback. This accelerated process will take our authorization timeframes that currently range from six to eighteen months down to less than six. After attending you’ll understand how we’re going to make that happen, how you can partner with us as we finalize and implement the accelerated process, and how the new process will impact you.

View the event.

New Compliant CSPs!

The FedRAMP PMO is excited to announce that Project Hosts and Deloitte are now FedRAMP Compliant.

 Project Hosts logo [Project Hosts](") is now FedRAMP Compliant with an Agency Authorization from the U.S. Patent and Trade Office (UPTO) within the Department of Commerce (DOC). Federal Private Cloud for SharePoint / Project Server / CRM (FPC) provides rapid deployment and managed hosting of Microsoft SharePoint, Microsoft Project Server, and Microsoft Dynamics CRM applications, leveraging the Windows Azure public cloud solution.
 Deloitte logo [Deloitte]( is now FedRAMP Compliant with a CSP-Supplied package for its Deloitte Federal Technology Center. The Deloitte Federal Technology Center (FTC) provides Software-as-a-Service (SaaS) services utilizing best-of-breed technology software and hardware spread across multiple, geographically dispersed datacenters (Texas, Georgia, and Tennessee) in order to provide a highly available, highly redundant infrastructure capable of withstanding man-made and natural catastrophes
            FedRAMP now has 63 FedRAMP Compliant CSP systems! A complete list can be viewed [here](

A Look at the Last Six Months

We’ve been busy over the last six months, here’s an overview:

  • We’ve had a 340 percent increase in FedRAMP training enrollees: from 500 to 1700 enrollees.

  • There has been a 50 percent increase in FedRAMP authorizations: from 40 to 60 authorizations (and the number keeps growing).

  • We’ve engaged with over 80 groups of stakeholders including CSPs, 3PAOs, and Agencies in an effort to better understand your customer journeys with FedRAMP.

  • We’ve undergone a redesign with the Joint Authorization Board (JAB) — this effort’s goal is to make provisional authorizations happen in under 6 months.

  • We began and are in the last stages of finalizing a high impact baseline, and are piloting the process with multiple vendors at the high impact baseline.

We’re really proud of all we’ve achieved over the last six months — and we can’t wait to capitalize on this and keep delivering more for all of you.

See our latest infographics

Reader Submission:

Tips from a FedRAMP Compliant WOSB

NetComm made it! We officially achieved FedRAMP Compliance in January 2016 for our Beacon SaaS with an Agency Authorization through the National Institutes of Health (NIH). We are especially proud because we are the first Women-Owned Small Business (WOSB) to achieve this distinction. There has been a lot of criticism that FedRAMP can’t happen for small companies , we’re proof it can happen. That doesn’t mean it’s easy , becoming FedRAMP authorized is rigorous but it is intended to be. **

Read the whole story

FedRAMP Unveils New Video Training Course

The FedRAMP PMO has added two new training coursesto our library, including the first video training option.

  • “How to Write a Control” (201B) is FedRAMP’s first online, on-demand video training course. The PMO has received many questions about how to properly write a control that will satisfy the program’s requirements. This training video is tailored to CSPs that are documenting the security of their Cloud System and will assist with writing compliant System Security Plan (SSP) control implementation descriptions.

  • The second course now available is titled “Continuous Monitoring (ConMon) Overview” (200D).

Read the whole story


FedRAMP’s Agency Evangelist, Ashley Mahan, has been very busy over the past month speaking to Agencies, CSPs, 3PAOs and the public as part of both the Agency Roadshow and #WheresAshley campaigns. In fact, she’s met with individuals from State, HHS, HUD, DOC, DOJ, NASA, NSF, GSA, Federal Reserve, Treasury, FAA, IRS, FCC, Accenture, Amazon, Avue, BMC, Cisco, Coalfire, Collab9, Companion Data Services, General Dynamics, KnightPoint, Microsoft, NetComm, Skyhigh Networks, and Veris. And that’s just in the last 30 days!

Read the whole story

FedRAMP in the News:

Page of