The Office of Management and Budget has begun soliciting feedback on draft guidance meant to modernize and strengthen the Federal Risk and Authorization Management Program.
The draft memorandum seeks to define the scope of cloud offerings subject to FedRAMP, foster a consistent and transparent process for conducting security assessment and authorization of cloud services by agencies, establish requirements for agencies to use FedRAMP-authorized services and detail the responsibilities of the FedRAMP board and the program management office, OMB said Friday.
The draft memo’s key areas are intended to address how FedRAMP would become an information security program grounded in risk management and technical expertise; provide multiple cloud authorization structures that incentivize agency partnership and reuse; use shared infrastructure between the federal government and the private sector; and streamline manual authorization processes through automation.
“We are taking a human-centered policy design approach and soliciting input to learn about how government and industry experience the FedRAMP process and how we could evolve the program to increase its use and drive greater impact,” said Clare Martorana, federal chief information officer and a previous Wash100 Award winner.
Chris DeRusha, federal chief information security officer, deputy national cyber director for federal cybersecurity and a previous Wash100 awardee, said the draft guidance builds on the current administration’s priorities as detailed in the cybersecurity executive order.
Public comments on the draft document are due Nov. 27.