FedRAMP’s First-Ever Award Winners and Program Update

The Federal Risk and Authorization Management Program (FedRAMP) of the General Services Administration (GSA) on Wednesday announced the winners of the inaugural FedRAMP Five Awards at ATARC’s Cloud & Data Center Summit.

The FedRAMP Five is FedRAMP’s first-ever awards program and honors the agencies and people that are doing the most to shape program progress to enable cloud providers to work with the Federal government and provide approved and secure cloud services.

The Large Agency Award went to the Department of Health and Human Services (HHS). HHS was recognized for its agency cloud security team, for leading the first-ever FedRAMP agency authorization, for partnering with vendors to authorize more than 10 cloud service providers in FedRAMP, and for using the services of 46 different FedRAMP providers.

The Small Agency Award went to the Federal Communications Commission (FCC). FCC was recognized as the small agency with the most FedRAMP authorized and in-process cloud service offerings–a total of 17. The agency was also cited as a strong advocate, spreading the word on the benefits of FedRAMP at small agencies.

The program also acknowledged Steve Hunt from the National Aeronautics and Space Administration as the Large Agency Tech Lead Award winner, Greg Gray from the Broadcasting Board of Governors as the Small Agency Tech Lead Award winner, and Daniel Pane from HHS as the Future Leader Award winner.

Following the presentation, FedRAMP Director Matt Goodrich provided an update on FedRAMP, citing program successes and calling 2018 the “Year of Refinement” for the program.

Goodrich said FedRAMP’s Project Management Office held more than 750 meetings in the past year with agencies and industry alike. He said the program has a greater than 97 percent satisfaction rate on the responses to roughly 10,000 queries submitted to FedRAMP via email last year, with an average response time of less than 3 hours.

Goodrich said the number of Federal agencies using FedRAMP is now up to 138. FedRAMP Evangelist Ashley Mahan said earlier in the day that 40 of those agencies have come on board in the last year, among them many smaller agencies.

Goodrich also noted the overwhelming demand for FedRAMP training services and other guidelines, citing both the new FedRAMP Training Platform and authorization boundary guidelines.

Bearing in mind those successes, Goodrich said there will be several areas of increased focus going into 2018. Among them is a push for more FedRAMP Tailored authorizations, which relate to low-risk systems like collaboration tools, project management applications, and open-source code tools. Adobe received the first FedRAMP Tailored authorization last month.

Goodrich said the program is looking to continually cut the time it takes for cloud service providers to get authorized without reducing any of the rigor of the process; he said there has been much success, and authorization times are shorter across the board.

FedRAMP is also actively looking to expand the number of authorized cloud services.

“This is obviously something that everybody wants,” Goodrich said. “The more cloud services you have for agencies, the more options you have, the more things you can move to the cloud. For vendors, the more that are in, the more agencies can use your services.”