Event Recap: FedRAMP 2024 Overview: What’s New

According to a brief poll of attendees during DGI’s recent virtual workshop, “50% of government agencies are currently using a FedRAMP approved solution. 9% are considering it and 4% they’re not using. OMB’s Deputy Federal CIO, Drew Myklegard acknowledged that “like many organizations, you all are at different stages… and what you’re seeing in this evolution is us moving towards showing authorizations between agencies that have common interests and products, and then working together to make sure that those are safe and secure.” This trend is seen in the monetary investment agencies are making. Dave Hinchman, Director, Information Technology & Cybersecurity with GAO stated that “in Fiscal Year 2022, agencies obligated about $7 billion for cloud computing contracts.” OMB is also investing in the FedRAMP movement by focusing on a number of key areas, as outlined by Policy Analyst, Laura Gerhardt including how to:

• “Incentivizing re-use,
• Evaluate technology that will ease the pathway to an eventual authorization,
• Incorporate newer industry practices that can improve security laws and satisfy controls in new ways,
• Streamline and automate the authorization process”, and
• Work towards transparency and open metrics.

In the workshop, OMB and GAO experts went into even greater detail about:

• How automation and re-use will drive change for agencies and vendors.
• The intersection of cloud and AI and increasing the number of AI products available in the FedRAMP marketplace.
• How the public and members of the vendor community can stay engaged and assist while guidance is finalized.
• Summary of results from the recently released GAO report on the current state of FedRAMP.
• Vulnerabilities of cloud computing and how to mitigate risk.
• Case studies of four agencies using six key practices to protect their cloud.
• What agencies can do differently.