TheÂ Federal Risk and Authorization Management Program has introduced new requirements for cloud service providers that aim to obtain FedRAMP “In Process” designation in cooperation with an authorizing government agency.
Cloud vendors that receiveÂ In Process designation are actively pursuing FedRAMP authorization and are added to theÂ FedRAMP Marketplace website, whichÂ provides information on the authorization status of cloud offerings, FedRAMP said Thursday.
The new requirementsÂ will help certify that information on the Marketplace are accurate and updated.
To achieve In Process status, an agency authorizing official or aÂ FedRAMP-approved designee must announce to the FedRAMP program management office via e-mail that they are actively working with a cloud vendor to grant anÂ Authority to Operate within a year.
The authorizing official or designee must also show one of the following to the FedRAMP PMO:Â proof of a contract award to procure the cloud platform; agency usage of theÂ cloud offering; aÂ FedRAMP Ready certification from the PMO; and the completion of a formal meeting on the launch of the authorization process.
TheÂ FedRAMP PMO will communicate with the cloud service provider and authorizing agency everyÂ four months from the issuance of the In Process designation to evaluate the company’s commitment to maintain such status.
The cloud vendor must also update the PMO onÂ FedRAMP deliverables, projected timeline for final authorization and employee changes within the involved parties.
TheÂ FedRAMP PMO may revoke the In Process designation if it determines that a vendor is not actively working to achieve authorization.