EPA offers rough timeline for new agile contracting vehicle
July 27, 2016
During a standing-room-only industry day, officials laid out their plans for the agency’s agile blanket purchase agreement.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The first set of third party service providers able to provide the federal government with cloud computing services as part of the Federal Risk and Authorization Management Program will be announced next month, General Services Administration Associate Administrator of the Office of Citizen Services and Innovative Technologies Dave McClure said Friday.
Speaking at the first public meeting of FedRAMP’s Joint Authorization Board, McClure said the JAB has used baseline standards and controls already in place with the National Institute of Standards and Technology’s 800 series of security reports.
“We are using a very rigid process, using ISO assessments and a variety of other standards in authorizing these companies,” McClure said.
The JAB consists of the chief information officers from the Department of Defense, Department of Homeland Security and GSA, along with official designees of each of those offices and the program’s program management officer within GSA.
Both GSA CIO Casey Coleman and DHS CIO Richard Spires took part in the meeting along with Defense Deputy CIO for Information Management, Integration and Technology David DeVries, who sat in for CIO Teri Takai. The JAB’s meeting was hosted by the Association for Federal Information Resources Management at the Crowne Hamilton Hotel in Washington, D.C.
Throughout the program, the JAB will provide the technical knowledge and skills that gives a government-wide baseline approach to address the security needs associated with placing federal data in cloud computing solutions.
Additionally, the JAB will provide joint provisional security authorizations of cloud solutions using this baseline approach. This provisional authorization will create an authorization package that can be leveraged by individual agencies across the federal government to grant an authority to operate at their respective organizations.
Notes from the meeting:
FedRAMP aims to reduce duplicative efforts, inconsistencies and cost inefficiencies associated with the current security authorization process. The program will also establish a public-private partnership to promote innovation and the advancement of more secure information technologies.
By using an agile and flexible framework, FedRAMP will enable the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allowing agencies to leverage security authorizations on a government-wide scale.
FedRAMP was first announced in 2010 as part of the Office of Management and Budget’s 25 Point Plan to Reform Federal IT, authored by former Federal Chief Information Officer Vivek Kundra and now OMB Acting Director Jeff Zients.
The White House released a memorandum in December outlining the program that Federal CIO Steven VanRoekel said will save the government 30 to 40 percent on cloud computing costs.