Hi All,
The purpose of the FedRAMP program is to increase Federal agencies' adoption and secure use of the commercial cloud, by providing a standardized, reusable approach to security assessments and authorizations for cloud computing products and services. Through centralization, FedRAMP reduces duplicative authorization activities, allowing CSPs to deliver and agencies to adopt secure cloud services more efficiently. Focusing FedRAMP on the highest value work, as outlined in this guidance, will support broader efforts to reduce the nation's cybersecurity risks, contributing to a more stable technology ecosystem by incentivizing CSPs to make security improvements that protect all of their Federal Government customers.
The goal of this guidance is to strengthen and enhance the FedRAMP program. FedRAMP has provided significant value to date, but the program must change to meet the needs of Federal agencies and the evolving cloud marketplace. The FedRAMP Marketplace must scale dramatically to enable Federal agencies to work with many thousands of different cloud-based services that accelerate key agency operations while allowing agencies to reduce the footprint of the information technology (IT) infrastructure that they directly manage.
------------------------------
Michael Roza CPA, CISA, CIA, CC, CCSKv5, MBA, Exec MBA, CSA Res
------------------------------