The General Services Administration’s 18F and Amazon Web Services will help the federal government move a step closer toward more directly connecting mobile users to a Federal Risk and Authorization Management Program-compliant cloud.
Officials said that, since May, 18F and AWS have been working on a pilot that would allow cloud service providers to receive FedRAMP and trusted Internet connection certification in one test. The pilot is part of the recently announced FedRAMP-Trusted Internet Connection Overlay program. For customer agencies, using the services of those FedRAMP-TIC-compliant cloud providers would let mobile users directly access the cloud. Currently, agencies must route mobile traffic through an agency network and back through a trusted connection.
In the early stages of the pilot, AWS has demonstrated the broad strokes of how it hopes to merge the baseline requirements of FedRAMP and TIC. Jennifer Gray, a compliance architect with AWS, said Thursday at the Amazon Web Services Government, Education and Nonprofits Symposium in Washington, D.C., that her team has seen success.
“We’ve already identified that, based on what we already have in our AWS security package, we can achieve the TIC capabilities controls about 90 percent already,” Gray said. “What this means for our AWS customers is that you guys already have the capabilities and can leverage that.” AWS is working with the Veris Group as its third-party assessment organization to test its compliance.
Working with 18F, “we’ll actually get to demonstrate what are some of the things we need to do visually,” Gray said.
Sara Mosley, TIC program manager at the Department of Homeland Security, said DHS is looking at this work with 18F “as a means to prove the concept that yes … Amazon is TIC ready, but then how is that applied in a real world scenario?”
Matt Goodrich, GSA’s director of FedRAMP, said for now the plan is to stick with mobile users, and then later on expand to other devices and networks. Limiting it to mobile, he said, is “a large use case now because of how large mobile is becoming in the government.”
Goodrich said while cloud providers offer different services, this pilot should give FedRAMP a good baseline for a system that will give federal employees the flexibility to access the crucial information stored in their agencies’ clouds more effectively.
FedRAMP and the TIC program management office at DHS are working on other pilots at the same time, testing different as-a-service models and an alternative to the Amazon-18F pilot.
“We’re looking at everything,” Mosley said. “But the TIC overlay has the best promise.”