October was a busy month for FedRAMP. From Federal Secure Cloud Advisory Committee (FSCAC) meetings to an automation overhaul, there were a slew of activities aiming to further prepare the program for the future it faces and will need to serve.
Developing the Next Generation of FedRAMP
The push to really explore FedRAMP’s upcoming chapter began with the first FSCAC meeting of the month on October 19. The focus of this particular gathering was to delve further into the Cloud Solution Provider (CSP) Authorization Path and offer an opportunity to present insights on how to enhance this process. The following convening on October 26 was centered around the growing role of Continuous Monitoring (ConMon), also offering an opening of the floor to discuss input that would lead to draft recommendations. But the key theme that keeps recurring is automation.
While the forthcoming November meetings will tune more deeply into equipping the Committee with detail on FedRAMP’s automation strategies, the effort to streamline has already been a heavily emphasized subject. This was solidified when a memorandum was released by the Office of Management and Budget (OMB) to update the FedRAMP program. In addition to outlining new requirements such as procedures for preliminary authorizations and modernizing security baselines, the memo puts forth deadlines. For instance, it states that “Within 90 days, and up to annually thereafter, GSA will submit a plan to OMB for accomplishing the tasks set forth under the new guidance, including staffing plans and budget information.”
The memo also addresses the need to expand the size of the FedRAMP marketplace in order to meet the rising cloud and software-as-a-service demand, which includes speeding up the authorization process through tools like automation and shifting agencies away from “cloud infrastructure designed solely for government use,” as described by Adam Mazmanian at NextGov/FCW. You can read more of our takeaways here.
Of course, cybersecurity is an important point in evolving FedRAMP and similar initiatives as well. The proposal for the Defense Department’s new cybersecurity standard and certification was actually something that Stacy Bostjanick, head of DOD’s Cybersecurity Maturity Model Certification, commented on at an October event. According to Bostjanick, she is hoping to see the introduction of the enriched standard. In the meantime, the Department is putting together a project that would widen small business participation in CMMC compliance.
Executive Order on AI
The real star of October came at the end of the month with President Biden signing an executive order on artificial intelligence. Coming as AI fuels conversations and activity across almost all sectors, businesses, and locations, the EO seeks to capture the benefits of this emerging tech while avoiding its downfalls. Generally, the mission is to establish a structured, information-sharing approach that oversees AI development. As reported by Josh Boak and Matt O’Brien at the AP, “It’s part of a broader strategy that administration officials say also includes congressional legislation and international diplomacy.”
FedRAMP intends to take part in this era-defining effort. In a corresponding blog post, FedRAMP explained that it will work alongside fellow stakeholders to both analyze and strategize how best to adopt AI, including cloud-based AI-related products. Of course, stackArmor is also prepared to navigate this expanding space with our Approval To Operate (ATO) for AI™ accelerator and growing AI Risk Management Center of Excellence, including members such as Suzette Kent.
Sources:
- “Federal Secure Cloud Advisory Committee; Notification of Upcoming Meeting” – General Services Administration, Federal Register
https://www.federalregister.gov/documents/2023/09/25/2023-20661/federal-secure-cloud-advisory-committee-notification-of-upcoming-meeting - “OMB Seeks Comment on Guidance for FedRAMP Overhaul” – John Curran, MeriTalk
https://www.meritalk.com/articles/omb-seeks-comment-on-guidance-for-fedramp-overhaul/ - “White House looks to scale FedRAMP with automation” – Adam Mazmanian, NextGov/FCW
https://www.nextgov.com/acquisition/2023/10/white-house-looks-scale-fedramp-automation/391578/ - “Fingers crossed: DOD’s CMMC lead anxious for November release” – Nick Wakeman, Washington Technology
https://washingtontechnology.com/contracts/2023/10/fingers-crossed-dod-cmmc-lead-anxious-november-release/391628/ - “Biden wants to move fast on AI safeguards and signs an executive order to address his concerns” – Josh Boak & Matt O’Brien, AP
https://apnews.com/article/biden-ai-artificial-intelligence-executive-order-cb86162000d894f238f28ac029005059 - “FedRAMP’s Role In The AI Executive Order” – FedRAMP, FedRAMP Blog
https://www.fedramp.gov/2023-10-31-fedramps-role-in-the-ai-executive-order/
