FedRAMP ATO Tips and Trends for 2021

As an extension of FISMA, the U.S Federal Government had to enact stricter parameters for the service providers they choose to work with. Thus, FedRAMP was established in 2012 and is managed by the U.S. General Services Administration. The FedRAMP marketplace for government focused cloud solutions continued to grow and scope with over 200 authorized solutions. Federal agencies seeking to buy commercial cloud services are required to acquire only FedRAMP authorized services. There are many services to choose from listed in the FedRAMP.gov marketplace with more to come. Since 2012, the adoption of commercial cloud services has continued to grow year after year presenting a growth opportunity for ISV’s, Startups, and Small Businesses to deliver new and innovative solutions to an IT market with over $80 Billion in annual spending.  If you are interested in pursuing a FedRAMP ATO, continue to read some insights and tips to help you make the right FedRAMP ATO investment decisions in 2021.

FedRAMP ATO Authorizations in 2020

There were 74 authorizations in 2020 of which 9 were performed by the JAB and the remaining were Agency sponsored ATO’s. A total of 24 agencies participated in the program in 2020 and accredited 65 systems. The top agency with FedRAMP sponsored ATO’s continued to be the Department of Health and Human Services (HHS) followed by GSA. The list below provides an overview of the Top 10 agencies that successfully authorized FedRAMP accredited systems in 2020:

RankName of AgencyNumber of ATO’s
1Department of Health and Human Services12
2General Services Administration7
3Department of Commerce5
4Department of Veterans Affairs5
5Department of Defense4
6Department of Energy4
7Department of Justice4
8Department of Homeland Security3
9Department of the Treasury3
10Department of Agriculture2
10Department of State2
10Department of Transportation2
10Federal Communications Commission2

Source: FedRAMP.gov Marketplace

A quick analysis of the systems that received an Agency sponsored FedRAMP ATO in 2020 demonstrated an overwhelming majority of SaaS services over PaaS:

Deployment ModelNumber
SaaS55
PaaS4
PaaS, SaaS6

Source: FedRAMP.gov Marketplace

Selecting the right assessment partner is essential to ensure a creditable and successful FedRAMP ATO accreditation:

3PAO AssessorNumber of Assessments
Coalfire Systems, Inc.20
Schellman & Company, LLC18
Kratos16
A-LIGN Compliance and Security, Inc. dba A-LIGN8
Lunarline, Inc.5

Source: FedRAMP.gov Marketplace

stackArmor has worked with all the top 3PAO’s and provides extensive consultation support in helping pick the right 3PAO partner at the right price. As more and more startups, ISV’s and commercial organizations seek to provide cloud services to public sector and Federal agencies, achieving a FedRAMP ATO is a critical pre-condition.

Making the right FedRAMP ATO investment decisions for 2021

A recent market research study by Marketing Connections, Inc demonstrates that government buyers prefer to use FedRAMP-authorized cloud services. However, given the significant investment and time commitment associated with obtaining a FedRAMP ATO, a strategic approach to selecting the right architecture and deployment model is essential. As a case in point, hyper-scale cloud platform providers such as AWS provide two FedRAMP Moderate hosting options – AWS East/West or AWS GovCloud. The AWS GovCloud is a government community cloud with higher levels of security but also a higher cost which could be 20-25% higher than the East/West Region. Often ISV’s and commercial organizations must understand government buyer psychology and their risk tolerance. The FedRAMP market research study clearly identifies buyer preference for using a government-only community cloud.

stackArmor’s ThreatAlert ATO Accelerator solution provides a strategic framework for optimizing and accelerating FedRAMP, FISMA/RMF, and CMMC compliance. Clearly, positioning commercial cloud solutions for likely government buyers must take into consideration buyer preferences. Focusing on the right agency sponsor with the right deployment models is critical. Schedule a call with your stackArmor ATO specialist for some tips and guidance if you are interested in pursuing a FedRAMP ATO in 2021.

SHARE

MOST RECENT

CONTACT US