In our last article, we argued that the government’s FedRAMP cybersecurity program was a reasonable and effective tool for reducing cybersecurity threats, but after 10 years, it remains underfunded and insufficiently scaled to address the universe of 18,000 cloud-based commercial products. We argued for increasing funding and setting up a robust FedRAMP shared service model that could serve the entire government. We believe relieving individual agencies of the need to pursue their own FedRAMP authorizations is an efficient way to break the current authorization bottleneck.
Two days after publication, Colonial Pipeline shut down its gas transport operations because of another criminal ransomware attack. Then on May 12, the White House released a long-awaited executive order designed to improve the “Nation’s Cybersecurity.” In the wake of the Office of Personnel Management, SolarWinds, and Colonial Pipeline breaches, it appears the government is ready to take a serious stand on enforcing cybersecurity through enhanced procurement regulations designed to block and purge unsafe software.
Click here to read the article coauthored by Gaurav “GP” Pal, CEO and Founder, stackArmor.