Top Threats

Modernizing the Federal Risk Authorization Management Program (FedRAMP)

  • 1.  Modernizing the Federal Risk Authorization Management Program (FedRAMP)

    Posted Dec 01, 2023 01:21:00 PM
      |   view attached

    Hi All,

    The purpose of the FedRAMP program is to increase Federal agencies' adoption of and 
    secure use of the commercial cloud while focusing cloud service providers and agencies on the 
    highest value work and eliminating redundant effort. 

    To do this, FedRAMP provides a standardized, reusable approach to security assessment 
    and authorization for cloud computing products and services. The FedRAMP program supports 
    broader efforts to reduce the nation's cybersecurity risks, contributing to a more stable 
    technology ecosystem by incentivizing CSPs to make security improvements that protect all of 
    their Federal customers.

    The goal of this guidance is to strengthen and enhance the FedRAMP program. 
    FedRAMP has provided significant value to date, but the program must change to meet the needs 
    of Federal agencies and address the scope of the cloud marketplace. The FedRAMP marketplace 
    must scale dramatically to enable Federal agencies to work with many thousands of different 
    cloud-based services can accelerate key agency operations while allowing agencies to 
    directly manage a smaller IT footprint.

    OMB is soliciting public comment on the draft guidance until December 22, 2023.  To submit a public comment, visit

    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe