mThe Federal Risk and Authorization Management Program has started soliciting feedback from stakeholders on a plan to create a new funding source to support efforts to scale FedRAMP, grow the program’s authorization capacity and oversee cloud service providers, or CSPs, in a more flexible way.
Table of Contents
More Capacity to Conduct Continuous Monitoring
FedRAMP said Friday a demand-responsive funding source could enable the continuous monitoring process to kick off before a cloud provider becomes authorized.
According to FedRAMP, such a practice could enable CSPs to continue making changes and improve their product.
With a new funding source, the program could grow the size and pace of relevant pilots, like FedRAMP’s agile delivery and digital authorization pilots; centrally oversee the ongoing security of cloud offerings in the marketplace; and scale the number of reviewers who work with CSPs through the FedRAMP authorization and continuous monitoring processes.
Questions for Stakeholders
FedRAMP is asking CSPs about factors to consider in creating a cost model, specific parts of the authorization and continuous monitoring processes that should receive the most direct investment and other compliance initiatives that charge money that could serve as good models for the program to consider.
The program also wants the public’s input on a cost model that is right for smaller businesses and other significant process options that FedRAMP could consider making with dynamic funding.
Comments are due Feb. 28.
According to FedRAMP, a decision to charge CSPs to scale the program has not been made. Public input, consultation with cloud providers and internal government coordination will inform the final plan.