The Alliance for Digital Innovation has called on the Office of Management and Budget and the General Services Administration to prioritize several measures as the two agencies update the policy governing the Federal Risk and Authorization Management Program and related FedRAMP guidance.
ADI said in a Wednesday letter that OMB and GSA should encourage real risk management from authorizing officials at agencies, incentivize agencies to fund new cloud services and related platforms and direct all new security compliance programs to build in reciprocity with FedRAMP.
Other recommendations offered by the trade association are promoting governance, consistency and objectivity across the technical review process; establishing a federal secure cloud advisory committee; instituting transparency in the reporting process; and addressing the barriers to facilitate the entry of small cloud businesses into the federal marketplace.
“The recent authorizing legislation provides the framework to reimagine FedRAMP in a way that keeps up with constantly accelerating demand and flexes to meet agency needs,” ADI wrote in the letter.
The trade group said government should work with commercial industry to come up with a policy that “encourages agencies to make risk-based decisions based on security threats and not perceived oversight.”
The letter was addressed to OMB Director Shalanda Young and GSA Administrator Robin Carnahan.