Changes with FedRAMP Program Could Speed up Approval Process

Nearly four years have passed since the government introduced FedRAMP, a program designed to encourage federal agencies to embrace cloud computing as a way to significantly reduce federal IT operating and capital investment costs.

FedRAMP, officially known as the Federal Risk and Authorization Management Program, was introduced as a way to streamline the process needed to assess the security risks of using cloud-computing systems. FedRAMP, which features a common set of security controls and an independent verification system, allows agencies to use a cloud service that already has been authorized for use by another federal agency. As a result, the agencies do not have to repeat the security authorization process.

Changes with FedRAMP Program Could Speed up Approval ProcessAlthough FedRAMP, which is managed by the General Services Administration, has been increasingly accepted, it had been criticized for having too long of an approval process. In some cases, it has taken more than a year.

Under the new FedRAMP Accelerated program, the approval process will take an average of three to six months.

Federal Computer Week said the new accelerated process “will require CSPs that want to work with the Joint Authorization Board for FedRAMP approval to have a third-party assessment organization, or 3PAO, conduct the initial capabilities assessment before diving into detailed documentation.”

If the 3PAO gives the cloud service provider a nod of approval, the provider would be considered “FedRAMP ready,” after the additional approval of the FedRAMP team. According to Goodrich, the designation would be legitimate and give agencies the assurance that the service was ready for use, Federal Computer Week reported.

While the new changes focus on speed, FedRAMP Director Matt Goodrich said it was never among the goals. "Our primary focus was security, avoiding hacks, avoiding breaches. But as we rethink the FedRAMP process, we know that the process needs to be quicker, but without sacrificing security standards."

At Lifeline Data Centers, we’re committed to achieving the highest standards in data center security. In addition to being certified as a Tier 4 facility, we are on track on getting FedRamp certified. Contact us for a tour of our facility to find out how we can meet your data center needs. We’re happy to show you around.

Want to learn why EMP shielding, FedRAMP certification, and Rated-4 data centers are important? Download our infographic series on EMP, FedRAMP, and Rated-4!

Rich Banta

Rich Banta

Managing Member at Lifeline Data Centers
Rich is responsible for Compliance and Certifications, Data Center Operations, Information Technology, and Client Concierge Services. Rich has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. Rich is a former CTO of a major health care system. Rich is hands-on every day in the data centers. He also holds many certifications, including: CISA – Certified Information Systems Auditor CRISC – Certified in Risk & Information Systems Management CDCE – Certified Data Center Expert CDCDP – Certified Data Center Design Professional
Rich Banta