The Federal Risk and Authorization Management Program (FedRAMP) was originally created to evaluate the security of commercial services for use in government. However, receiving authority to operate (ATO) can often be a long process for vendors, which means agencies have to wait to modernize citizen services, improve cybersecurity, and migrate to cloud environments.
Even once the technology has been approved to be used by one agency, vendors will often have to undergo the process again to receive ATO at another agency with the same security level. In recognition of this, the Office of Management and Budget (OMB) recently released a draft memorandum regarding the evolution of FedRAMP and how they could update ATO frameworks to better meet the current and future modernization needs of federal agencies.
In a recent interview with Fed Gov Today, Neil Kronimus, Senior VP of Technology Strategy & Solutions at Maximus, explained that as the OMB works on finalizing its guidelines for the evolution of FedRAMP, it needs to create a clear plan for agencies and vendors to phase in agency-specific goals. “Human-centered design thinking is great, but I want to see how they are going to implement that down the road,” Kronimus said. “The whole point of [FedRAMP] is to make it easier for the agencies to serve their mission and that’s where we got to get to.”
Kronimus believes that by leveraging technology like automation and creating an environment of continuous communication and monitoring, the OMB can transform the ATO process and empower agencies with the technology they need to meet mission goals.
To learn more about the future evolution of FedRAMP, watch the video interview.