Skip to main content

RFI on ATO Automation Tools Out for Industry Response

Focus on FedRAMP

Discover what’s happening in the FedRAMP world.

In collaboration with the Office of American Innovation (OAI) and American Technology Council, GSA and FedRAMP have been working to improve the security authorization process across the federal government. Our ultimate goals include:   

One key component of this effort is identifying ways to incorporate automation into the Authority to Operate (ATO) process. To assist agencies and industry collectively, GSA is issuing a Request for Information (RFI) in order to have a better understanding of the existing commercially available products and practices that the government could use to automate any portion of the ATO process. Ideally, the government is looking for tools that are already available, rather than conceptual tools, that could be used to automate the process and support federal priorities already underway like the Continuous Diagnostics and Mitigation (CDM) as well as Ongoing Authorizations priorities managed by the Department of Homeland Security (DHS).

Some challenges of the authorization process faced by vendors and agencies include complex and time consuming processes, demanding documentation requirements and manual processing. Our goals for automation are to streamline the process, reduce the timeframe for authorizing an information system, reduce risk of human error, provide real-time data to understand vulnerabilities, and mitigate risk.

The information gathered through this RFI will help feed recommendations to the OAI on how to automate the ATO process, in whole or in part. In the short term, this can potentially be turned into a white paper on available tools and techniques that agencies could use when undertaking the authorization process. Additionally, vendors with readily available tools may be asked to do a demonstration of their tool’s capabilities for GSA and OMB. In the long-term, the information collected will empower GSA and the federal government to make more informed decisions about the tools available to encourage interoperability.

FedRAMP would like to encourage any industry partners that have a service that would meet these requirements to respond to the RFI by July 25th at 5:00pm eastern. Thank you for your continued partnership and input as we strive to continuously improve how we work with industry.

The New FedRAMP.gov

FedRAMP is excited to announce the launch of our revamped website. Thanks to feedback from our partners and stakeholders, the website has an improved user experience that makes FedRAMP information and resources more accessible. The website provides more in-depth information...

Continue Reading...

FedRAMP Explores a Threat-Based Methodology to ...

Feasibility Study: Agile Approach to Authorizations In 2017, the Office of American Innovation ...

Continue Reading...

CSPs Prioritized to Work with the JAB and Next ...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Hosts a 3PAO Interact Week

Throughout the week of November 16, 2020, the FedRAMP PMO held a virtual, 3PAO Interact, to bring...

Continue Reading...

FedRAMP’s NIST Rev5 Transition Plan

FedRAMP uses the National Institute of Standards and Technology’s (NIST) guidelines and procedure...

Continue Reading...

CSPs Prioritized to Work with the JAB and Next ...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Reaches 200 Authorizations

FedRAMP is excited to announce that we just reached a huge milestone: 200 FedRAMP Authorized Clou...

Continue Reading...

Updated 3PAO Obligations and Performance Standa...

FedRAMP recently updated the 3PAO Obligations and Performance Standards document to provide addit...

Continue Reading...

Additional FedRAMP OSCAL Resources and Templates

In June 2020, FedRAMP announced the release of OSCAL resources and templates on GitHub for CSPs, ...

Continue Reading...

Requesting Public Comment on Vulnerability Scan...

Technology changes rapidly and Cloud Service Providers (CSPs) continue to evolve in order to impr...

Continue Reading...

Updated Customer Implementation Summary (CIS) a...

In response to Agency and CSP feedback, FedRAMP updated the Customer Implementation Summary/Custo...

Continue Reading...

Please Take the FY20 FedRAMP Annual Survey!

FedRAMP is seeking your feedback in the FedRAMP Annual Survey. FedRAMP is constantly looking for ...

Continue Reading...

An Update to FedRAMP’s High Baseline SA-9(5) Co...

The Federal Risk and Authorization Management Program (FedRAMP) provides standardized security re...

Continue Reading...

FedRAMP Announces Document and Template Updates

FedRAMP released updates to the System Security Plan (SSP) Attachment 12 template, the FedRAMP Ma...

Continue Reading...

FedRAMP Announces Agency Liaison Program

The FedRAMP PMO recently kicked off a new initiative, the Agency Liaison Program, which is design...

Continue Reading...

Using the FedRAMP OSCAL Resources and Templates

The FedRAMP PMO, in collaboration with NIST, is working to digitize the authorization package thr...

Continue Reading...

7

May

Do Once, Use Many - How Agencies Can Reuse a Fe...

One of FedRAMP’s core value propositions is facilitating government-wide reuse of security packag...

Continue Reading...

JAB Prioritized CSPs and FedRAMP Connect Updates

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Lessons Learned for Small Businesses

The FedRAMP PMO is committed to helping small businesses and startups navigate the FedRAMP author...

Continue Reading...

FedRAMP Looks Back on a Successful FY2019

Fiscal Year 2019 was a year of achievement and progress for FedRAMP. Thank you for your collabora...

Continue Reading...

FedRAMP Looks Back on a Successful FY2019

Fiscal Year 2019 was a year of achievement and progress for FedRAMP. Thank you for your collabora...

Continue Reading...

FedRAMP Moves to Automate the Authorization Pro...

FedRAMP is excited to announce that the program has reached an important automation milestone. Fe...

Continue Reading...

Seeking Public Comments on the Draft Customer I...

In response to Agency and CSP feedback, FedRAMP updated the Customer Implementation Summary/Custo...

Continue Reading...

A Successful FedRAMP Startup & Small Business M...

On September 25, 2019 the FedRAMP PMO had its first Small Business/Start-Up Meetup in San Francis...

Continue Reading...

FedRAMP Connect Results and Next Round of Conne...

Congratulations to the following Cloud Service Providers (CSPs) selected to work with the Joint A...

Continue Reading...

FedRAMP Heads to San Francisco to Host Small Bu...

Are you a small business or startup interested in learning more about FedRAMP? The FedRAMP PMO is...

Continue Reading...

Please Take the FY19 FedRAMP Annual Survey!

The FedRAMP PMO is seeking your feedback and released the FedRAMP Annual Survey. If you’ve intera...

Continue Reading...

FedRAMP Launches Ideation Challenge

Do you have bold, innovative, and actionable ideas that can help transform the way agencies secur...

Continue Reading...

FedRAMP Marketplace Guidance Released

We receive thousands of questions through [info@fedramp.gov](mailto:info@fedramp.gov), and one of...

Continue Reading...

Get to Know FedRAMP's Program Manager of Securi...

As part of our spotlight series on the members of the FedRAMP PMO team, we wanted to introduce Jo...

Continue Reading...

8

May

Meet FedRAMP's Customer Success Manager

The FedRAMP PMO wants to give our readers a glimpse into the human side of the FedRAMP program by...

Continue Reading...

1

May

Best Practices for Multi-Agency Continuous Moni...

Both Cloud Service Providers (CSPs) and Federal Agencies play a role in Continuous Monitoring. Fe...

Continue Reading...

FedRAMP Tailored Lessons Learned

FedRAMP introduced the Tailored baseline for Low-Impact Software-as-a-Service (Li-SaaS) in 2017 t...

Continue Reading...

Guidance on FedRAMP's Applicability to State an...

In December 2011, the federal government established FedRAMP to provide a cost-effective and risk...

Continue Reading...

FedRAMP Connect Business Cases Due April 12th

Reminder to all Cloud Service Providers (CSPs) that the next due date for Business Case submissio...

Continue Reading...

FedRAMP Hosts Another Successful Agency ISSO Tr...

On March 25th, FedRAMP hosted its fourth Agency Information System Security Officer (ISSO) traini...

Continue Reading...

2019 FedRAMP Five Awards - Accepting Nominations!

We are pleased to announce our second annual “FedRAMP Five” awards to celebrate our government pa...

Continue Reading...

Reviewing the SAR - Best Practices for 3PAOs, A...

Cloud Service Providers (CSPs) pursuing a Low, Moderate, or High FedRAMP authorization are requir...

Continue Reading...

Next CSPs Selected to work with the JAB via Fed...

The FedRAMP PMO just completed our most recent round of FedRAMP Connect, the process where Cloud ...

Continue Reading...

FAQs on Updated R311 Requirements

Since we released updates to the “R311-Specific Requirements: FedRAMP” on November 6th, which inc...

Continue Reading...

FedRAMP Welcomes New Team Member to the PMO

FedRAMP is excited to introduce a new member of our Program Management Office (PMO) Team, Brian C...

Continue Reading...

FedRAMP Updates 3PAO Requirements

Third Party Assessment Organizations (3PAOs) play a critical role within the Federal Risk and A...

Continue Reading...

Find Resources Easier with New Updates to FedRA...

The FedRAMP PMO is excited to share some new updates to the website. In response to customer feed...

Continue Reading...

FedRAMP Documentation Release

As mentioned last week, we've updated ten documents/templates and added one new document to our T...

Continue Reading...

FedRAMP Boundary Guidance - Industry Response &...

In May 2018, the FedRAMP PMO released guidance describing the “rules of thumb” Cloud Service Prov...

Continue Reading...

FedRAMP Connect - New Guidance on JAB Prioritiz...

FedRAMP is excited to announce that we are starting our next round of FedRAMP Connect! **Business...

Continue Reading...

Congratulations to the 2018 FedRAMP Five Award ...

We’re thrilled to announce the winners of the first-ever FedRAMP Five Awards, which recognize our...

Continue Reading...

FedRAMP Launches New Training Platform

We couldn’t be more excited to launch our new FedRAMP Training Platform! This platform provides a...

Continue Reading...

FedRAMP Authorization Boundary Guidance Released

Over the past year, the FedRAMP PMO has recognized that it is difficult for Cloud Service Provide...

Continue Reading...

3

May

Penetration Testing for All FedRAMP Moderate an...

Penetration testing is a well-recognized way to explore IT system weaknesses. FedRAMP requires pe...

Continue Reading...

1

May

FedRAMP Reaches 100 Authorizations

We could not be more excited to announce that we just reached a huge milestone - 100 Cloud Servic...

Continue Reading...

Annual Assessment Guidance

The FedRAMP PMO recently encountered a question from a Cloud Service Provider (CSP) as to whether...

Continue Reading...

Introducing the New CSP Authorization Playbook

The FedRAMP PMO is pleased to release the first volume of the Cloud Service Provider (CSP) Author...

Continue Reading...

Three Additional ConMon Documents Released

On January 31st, FedRAMP released several new or revised Continuous Monitoring (ConMon) documents...

Continue Reading...

Determining Your FedRAMP Boundary Definition

An authorization boundary provides a diagrammatic picture of a system’s internal components to a ...

Continue Reading...

Best Practices for Achieving and Maintaining an...

Building upon earlier guidance, the PMO has identified a number of best practices that enable CSP...

Continue Reading...

New ConMon Documents Available

As FedRAMP continues to enhance its continuous monitoring (ConMon) processes, we solicited feedba...

Continue Reading...

Impact of FedRAMP for Small Businesses

Did you know that over 30% of FedRAMP Cloud Service Providers (CSPs) are small businesses?* When ...

Continue Reading...

Accessing a CSP’s FedRAMP Materials through OMB...

The FedRAMP PMO frequently encounters questions from Agencies about how to gain access to a CSP’s...

Continue Reading...

Introducing the New Agency Authorization Playbook

The FedRAMP PMO is proud to release the [Agency Authorization Playbook](https://www.fedramp.gov/a...

Continue Reading...

Understanding Baselines and Impact Levels in Fe...

The FedRAMP PMO fields a number of questions about impact levels and the security categorization ...

Continue Reading...

Common Challenges with the Readiness Assessment...

Thank you to all our vendors who have participated in our FedRAMP Ready process by using the Read...

Continue Reading...

Why Become FedRAMP Ready?

When the FedRAMP PMO introduced FedRAMP Accelerated last year, it also introduced an evolution of...

Continue Reading...

FedRAMP Agency Authorization Process - Tips, Tr...

Continuing our efforts to enable transparency for Agencies and Cloud Service Providers (CSPs) ali...

Continue Reading...

New Third Party Assessment Organizations (3PAOs...

The FedRAMP PMO is pleased to announce the Third Party Assessment Organization (3PAO) Training Se...

Continue Reading...

FedRAMP Tailored Available for Use

We are excited to announce our release of the **_FedRAMP Tailored_** Baseline for Cloud Service P...

Continue Reading...

FedRAMP Acquisition FAQs

In an effort to help agencies continue to adopt secure cloud technologies, FedRAMP has been ident...

Continue Reading...

Finding an Initial Authorizing Agency

The Agency Authorization process is the most popular route for CSPs to take when working toward a...

Continue Reading...

How FedRAMP Supports Agencies

There are a number of ways the FedRAMP team works with Agencies at various stages of the authoriz...

Continue Reading...

FedRAMP Business Case Tips!

As the August 25th due date for the FedRAMP Business Case approaches, we have been receiving some...

Continue Reading...

Partnering for Success: CSPs and 3PAOs

Third Party Assessment Organizations (3PAOs) are hired by Cloud Service Providers (CSPs) to eithe...

Continue Reading...

Updated Welcome to FedRAMP Training Now Available

We’re excited to launch our newly revamped FedRAMP 100-A: Welcome to FedRAMP online training cour...

Continue Reading...

Make the Most of the FedRAMP Marketplace

Launched last August, the [FedRAMP Marketplace](https://marketplace.fedramp.gov/#/products?sort=p...

Continue Reading...

Updated Version of FedRAMP Tailored Available f...

We are excited to announce that the next iteration of the **_FedRAMP Tailored_** baseline is avai...

Continue Reading...

RFI on ATO Automation Tools Out for Industry Re...

In collaboration with the Office of American Innovation (OAI) and American Technology Council, GS...

Continue Reading...

CSP and 3PAO Roles and Responsibilities

We wanted to share some high-level guidance for CSPs and 3PAOs we created with the JAB teams to p...

Continue Reading...

2

May

FedRAMP Connect - The Latest Vendors Prioritize...

Over the past few months, we’ve been working to reframe how we prioritize vendors that work with ...

Continue Reading...

New FedRAMP Readiness Assessment Report for Hig...

We recently released version 1.0 of the High Baseline Readiness Assessment Report (RAR) Template ...

Continue Reading...

Onboarding New Services for JAB Provisionally A...

As FedRAMP continues to evolve and mature, the program and its stakeholders must balance the need...

Continue Reading...

Launching a FedRAMP Tailored Baseline

We are excited to announce that the FedRAMP Tailored baseline is available for public comment. Th...

Continue Reading...

3PAO Requirements Update

The Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organizati...

Continue Reading...

JAB or Agency: How Do I Get a FedRAMP ATO?

“Should a CSP pursue JAB or agency authorization?” That is probably one of the most common questi...

Continue Reading...

FedRAMP JAB Prioritization Criteria and Process

Over the past 6 months FedRAMP has been working to update the criteria by which the Joint Authori...

Continue Reading...

New Integrated Inventory Template

Today we released an updated and significantly different version of the Inventory Template as a s...

Continue Reading...

HHS Cloud Security Day

Two weeks ago, Ashley Mahan and I had the pleasure of participating in the Health and Human Servi...

Continue Reading...

Timeliness of Testing for FedRAMP Accelerated

As we continue to work through FedRAMP Accelerated with the Joint Authorization Board (JAB), one ...

Continue Reading...

Follow Up on FedRAMP Costs

I wanted to take some time to respond to some of those questions and concerns that I received via...

Continue Reading...

Microsoft Dynamics CRM Online First in Pilot Pr...

Today I’m incredibly excited to announce that our first CSP crossed the FedRAMP Accelerated aut...

Continue Reading...

Tips on a FedRAMP Readiness Assessment

I recently held two mandatory webinars for our FedRAMP assessors (3PAOs) to go over our new Readi...

Continue Reading...

New FedRAMP Marketplace Dashboard

We’re incredibly excited to announce the launch of the new FedRAMP Marketplace dashboard! It’s lo...

Continue Reading...

FedRAMP Ready- The Next Step In Getting Vendors...

As part of the FedRAMP Accelerated process, GSA is releasing the FedRAMP Readiness Assessment R...

Continue Reading...

Update to FedRAMP Templates

On Monday, June 27th FedRAMP will be releasing updates to our templates to add some “ease of use”...

Continue Reading...

FedRAMP PMO Newsletter, June 2016

High Baseline Release The Federal Risk and Authorization Management Program (FedRAMP) is excited...

Continue Reading...

High Baseline Release

The Federal Risk and Authorization Management Program (FedRAMP) is excited to release the FedRAMP...

Continue Reading...

Initial Readiness Assessment Report Feedback

On March 28, 2016 the FedRAMP Program Management Office (PMO) posted a draft of the FedRAMP Readi...

Continue Reading...

April 2016 FedRAMP PMO Newsletter

Initial Readiness Assessment Report Feedback On March 28, 2016, the FedRAMP Program Management O...

Continue Reading...

Project Hosts: A Small CSP Who Likes FedRAMP

Project Hosts is a small business cloud service provider (CSP) that submitted its FedRAMP paperwo...

Continue Reading...

March 2016 FedRAMP PMO Newsletter

FedRAMP Accelerated Please join FedRAMP on March 28th at GSA’s Headquarters in downtown Washingt...

Continue Reading...

#WheresAshley Update

FedRAMP’s Agency Evangelist, Ashley Mahan, has been very busy over the past month speaking to Age...

Continue Reading...

FedRAMP Unveils New Video Training Course

The FedRAMP PMO has added two new training courses to our library, including the first video trai...

Continue Reading...

February 2016 FedRAMP PMO Newsletter

Reader Submission: Case for using FedRAMP Early in my federal security experience, I supported a...

Continue Reading...

Updated Frequently Asked Questions

The FedRAMP PMO has added eight additional Frequently Asked Questions (FAQs) to the FedRAMP.gov w...

Continue Reading...