The Federal Risk and Authorization Management Program has introduced new requirements for cloud service providers that aim to obtain FedRAMP “In Process” designation in cooperation with an authorizing government agency.
Cloud vendors that receive In Process designation are actively pursuing FedRAMP authorization and are added to the FedRAMP Marketplace website, which provides information on the authorization status of cloud offerings, FedRAMP said Thursday.
The new requirements will help ensure that information on the Marketplace is accurate and updated.
To achieve In Process status, an agency authorizing official or a FedRAMP-approved designee must announce to the FedRAMP program management office via e-mail that they are actively working with a cloud vendor to grant an Authority to Operate within a year.
The authorizing official or designee must also show one of the following to the FedRAMP PMO: proof of a contract award to procure the cloud platform; agency usage of the cloud offering; a FedRAMP Ready certification from the PMO; or the completion of a formal meeting on the launch of the authorization process.
The FedRAMP PMO will communicate with the cloud service provider and authorizing agency every four months from the issuance of the In Process designation to evaluate the company’s commitment to maintain such status.
The cloud vendor must also update the PMO on FedRAMP deliverables, the projected timeline for final authorization and employee changes within the involved parties.
The FedRAMP PMO may revoke the In Process designation if it determines that a vendor is not actively working to achieve authorization.