It’s been a few weeks now since Carahsoft’s FedRAMP Headliner Summit, but there is no shortage of moments to recall from it. For instance, Robert Costello commemorated his two-year anniversary as CIO at the Cybersecurity and Infrastructure Security Agency (CISA) during the event. While speaking on his role, he described the changes that have unfolded, including a greater emphasis on having technically savvy federal employees. As quoted by MeriTalk, he stated, “We’re now doing cutting-edge technology solutions, providing services to the agencies that we weren’t before…”
Growing Demand for Cloud Services
It’s an important point that agencies such as CISA are enhancing tech skills. With growing risk, expanding innovations, and rising regulations, the demand is higher than ever. This is seen in funding initiatives as well. According to Government Technology, the federal government is preparing to distribute $1 billion to states and cities in order to support their cybersecurity plans.
As these tech skills and funding are applied, one of the most important focal areas is the cloud. Harvard Business Review reports that federal agencies will put $9 billion toward cloud-based solutions. Considering that cyber theft can cost $200 billion to $600 billion annually, having compliant, secure cloud solutions is essential. That’s why software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) must receive a version of Authority To Operate (ATO).
New Guidance for SaaS and Cloud Services
While services seek approval, they most certainly need to meet FedRAMP standards. Luckily, new policy guidance is on its way. Drew Myklegard, deputy federal CIO, stated during FedScoop’s FedTalks that, “The landscape has changed. SaaS — and now it’s heavy, heavy SaaS — and a lot of PaaS providers really need access to the government and their mission.” But that doesn’t come without challenges. To overcome them, officials spoke with around 30 agencies to gain insight, which helped steer the forthcoming document. FedScoop shares that the guidance will be put out for public review and comment.
Looking Ahead
That’s not all that’s coming in the near future for FedRAMP and its surrounding network. There is now an updated version of the American Association for Laboratory Accreditation (A2LA) R311 for third-party assessment organizations (3PAOs) that comes with additional certification options, reporting requirements for foreign ownership, and more. And on October 19 and 26, the Federal Secure Cloud Advisory Committee (FSCAC) will have its next public meetings to review information on the Cloud Solution Provider (CSP) Authorization Path and Continuous Monitoring (ConMon) process.
As the FSCAC continues to meet, there is one topic that is sure to come up at some point in each agenda – AI. stackArmor is on top of this. At the end of September, we launched our Approval To Operate (ATO) for AI™ accelerator, which helps public sector and government organizations rapidly implement security and governance controls to manage risks associated with Generative AI and General AI Systems. Alongside this solution, we introduced the AI Risk Management Center of Excellence (CoE), a collective of executives with in-depth knowledge of the space. Through both the accelerator and CoE, we intend to help clients and the industry best navigate this emerging technology and its overall impact.
Sources:
- “CISA CIO: Workplace Culture Improves ‘Dramatically’ After 2 Years” – Cate Burgan, MeriTalk
  https://www.meritalk.com/articles/cisa-cio-workplace-culture-improves-dramatically-after-2-years/
- “How Do States Plan to Use Federal Cybersecurity Grants?” – Jule Pattison-Gordon, Government Technology
  https://www.govtech.com/security/how-do-states-plan-to-use-federal-cybersecurity-grants
- “What It Takes to Sell Cloud-Based Software to the U.S. Government” – Luke Bencie and Sarah Bencie, Harvard Business Review
  https://hbr.org/2023/05/what-it-takes-to-sell-cloud-based-software-to-the-u-s-government
- “New FedRAMP guidance forthcoming as the cloud marketplace evolves” – Billy Mitchell, FedScoop
  https://fedscoop.com/new-fedramp-guidance-forthcoming-as-the-cloud-marketplace-evolves/
- “A2LA Updates the R311” – FedRAMP, FedRAMP Blog
  https://www.fedramp.gov/2023-09-19-a2la-updates-the-r311/
- “Federal Secure Cloud Advisory Committee; Notification of Upcoming Meeting” – General Services Administration, Federal Register
  https://www.federalregister.gov/documents/2023/09/25/2023-20661/federal-secure-cloud-advisory-committee-notification-of-upcoming-meeting