If this site has an active shutdown banner at the top, then FedRAMP is currently operating only mission-essential functions due to a lapse in appropriations for the General Services Administration.
In general, ongoing activities include receiving packages, responding to critical messages, processing FedRAMP Marketplace updates, working with Prioritized AI services, and handling emergency situations. More details are provided below.
Activities Continuing During a Shutdown
For the duration of a shutdown, FedRAMP will:
Continue to intake In Process requests and Agency Authorizations
Process FedRAMP Marketplace update requests
Respond to urgent security-related messages sent to info@fedramp.gov from the public
Respond to all reasonable agency messages sent to info@fedramp.gov
Support Prioritized AI service activity, including package assessment and review
Work behind-the-scenes to improve the 20x and Rev5 assessment processes
For the duration of a shutdown, CSPs should:
Continue operations as normal. CSP responsibilities will not change in the course of a shutdown.
Continue to engage with your agency customers for continuous monitoring activities - each agency is impacted by the shutdown differently, but many still have active staff participating in regular information security procedures.
Work with representatives of your Authorizing Official (AO) to understand if Significant Change Requests (SCR) can proceed in the event that a significant change is awaiting approval by an AO following the legacy process. If the entirety of an AO’s staff is unavailable then the CSP cannot make changes until the AO or a representative of the AO is available to approve.
Follow the instructions and agreements established during enrollment in the FedRAMP SCN Beta with agency customers (only applicable to CSPs participating in the SCN Beta).
Activities Halted During a Shutdown
For the duration of a shutdown or unless otherwise shifted, FedRAMP will NOT:
Communicate widely with the public such as via social media, blog posts, events, or other such non-essential activities.
Host any public or large scale meetings; this means canceling (possibly without notification) and pausing all planning for hosting Community Updates, Agency Liaison meetings, FedRAMP Board meetings, Technical Advisory Group meetings, and Federal Secure Cloud Advisory Committee meetings.
Perform final review or authorization of any security packages without mission-essential impact to agency operations demonstrated by the authorizing agency; most security package reviews will slow down.
Respond to general non-urgent messages; this means general questions, requests for updates, brand review, etc. will be deferred until the shutdown ends.
Publish any new RFCs or close existing RFCs; any existing public comment periods will remain open until the shutdown ends.
Make improvements to the website or the FedRAMP Marketplace.
Begin or transition phases for any Rev5 Balance Improvement Release or 20x.
The Shutdown’s Impact on 20x and the FedRAMP Roadmap
It is impossible to predict the impact of a shutdown on 20x and the FedRAMP Roadmap in detail. In general, it is reasonable to expect that each week FedRAMP is focused only on mission-essential activities, the result will be up to two weeks of delay in any non-essential plans. This extended delay accounts for both the direct interruption and the time needed to regain momentum and address backlogged tasks once the shutdown concludes.
