18F: Cloud platform authorization coming in November
The General Services Administration’s 18F digital services team has passed a preliminary milestone in authorizing its cloud.gov platform and intends to have its provisional authority to operate by November.
Cloud.gov — a “secure and compliant” service to get agencies governmentwide started rapidly building and deploying digital services in the cloud — recently received its Federal Risk and Authorization Management Program Ready approval June 2, meaning it is on its way toward full FedRAMP compliance, the team behind the platform wrote in a blog post Monday.
“The full process takes several months of work by all sides, so the preliminary readiness evaluation is an important way to give a provider quick feedback (and an opportunity to step back if it’s not ready yet),” the post says. “We’re continuing with this process, and we expect to receive FedRAMP Joint Authorization Board [JAB] Provisional Authority to Operate in November,” meaning other agencies can use the platform without having seek its own independent approval.
Earlier this year, 18F’s cloud.gov was one of three cloud service providers, along with Microsoft and Unisys, named to pilot a revamped FedRAMP authorization process, called FedRAMP Accelerated, which GSA said “will reduce the time it takes CSPs to earn FedRAMP authorization by 75 percent — in as little as 3 months, without compromising the program’s rigorous security standards.”
18F is slated to kick off the FedRAMP Accelerated JAB provisional ATO process Aug. 8.
“We’re excited to kick off with cloud.gov in a few weeks,” FedRAMP Director Matt Goodrich told FedScoop in an email. “Based on their progress through achieving FedRAMP Ready under the new capabilities assessment and now cloud.gov‘s full assessment with Veris, we’re confident that we’ll be able to move through the assessment process with a provisional authorization in 3 to 6 months.”
[Read more:FedRAMP embraces the need for speed]
Cloud.gov’s third-party assessment organization, Veris Group, highlighted in its readiness assessment report that there are “a set of remediations necessary before the full assessment by Veris Group commences,” according to cloud.gov’s FedRAMP status page. “The cloud.gov team is working its way through this list in close communication with the FedRAMP [project management office].”
Most of those improvement have to do with moving cloud.gov systems to Amazon Web Services’ GovCloud and “articulating our team policies and practices (such as expanding our security incident response plan),” the team wrote in the blog.
And on the documentation side, 18F said it is working to automate its compliance work as much as possible, making it an open source and sharable feature for “anyone else who needs to go through this process, including agency teams and industry vendors.”
“We built cloud.gov to help 18F teams work faster with fewer barriers, and we want to help many fellow federal digital teams use it too, so that we can all serve the needs of the public better,” the post says.
18F currently uses cloud.gov internally to support project deployments for customer agencies, but plans to offer it to agencies to use themselves through a cost-recoverable fee-for-service model. The team is currently taking inquiries from interested agencies in anticipation of its provisional ATO.