An Information Technology and Innovation Foundation (ITIF) report says the Joint Authorization Board and the program management office for the Federal Risk and Authorization Management Program (FedRAMP) should require agencies to designate a FedRAMP liaison and conduct pilot programs to identify ways how to streamline the program to facilitate reviews and authorization of cloud services.
Congress should also pass a bill that would provide FedRAMP with needed funds to employ more professionals to help accelerate assessments of cloud offerings, ITIF said in the report published Monday.
“Without the necessary changes and funding, the program risks helping, but also hindering, federal agencies to adopt cloud services,” Michael McLaughlin, a research analyst at Washington, D.C.-based public policy think tank ITIF, wrote in the report.
The House passed in February a bill that would codify FedRAMP. ITIF called on Congress to make some changes to the proposed FedRAMP Authorization Act to increase the security and availability of cloud platforms for use by federal agencies.
These are expanding the JAB, hiring technical professionals within the PMO to develop automation tools and other platforms, broadening the number of authorization metrics tracked, requiring the JAB and agencies to offer authorization packages to the National Institute of Standards and Technology (NIST) and increasing reuse of authorizations by requiring agencies to secure exemptions.