New FedRAMP guidance forthcoming as the cloud marketplace evolves

Deputy Federal CIO Drew Myklegard speaks during a fireside chat at FedTalks 2023. (FedScoop)

New policy guidance is coming soon to help agencies comply with the Federal Risk and Authorization Management Program (FedRAMP) as the cloud landscape evolves, according to the federal government’s No. 2 IT official.

Drew Myklegard, deputy federal CIO, said Thursday at FedScoop’s FedTalks that the forthcoming guidance comes as the federal cloud marketplace has evolved to be more dominated by software-as-a-service (SaaS) and platform-as-a-service (PaaS) offerings.

“The landscape has changed. SaaS — and now it’s heavy, heavy SaaS — and a lot of PaaS providers really need access to the government and their mission. So now we’re pivoting and it takes a couple of years to do that, but we’re pivoting towards that market,” Myklegard said.

He continued: “We’ve seen an exponential growth every couple of years of these SaaS providers and the tools. But what we haven’t seen is similar exponential growth in their adoption, at least like ATO-ed [authority to operate], secured and monitored by the CIOs out there of those types of products.”


Myklegard said shortly after he joined the Office of Management and Budget a little more than a year ago, he began leading efforts to talk to agencies to get feedback on the state of FedRAMP, and that has informed the decision to provide updated guidance.

“We talked to a lot of agencies and their experiences with FedRAMP, and they talked about a lot of the problems,” he said. “We listened to probably 30 different agencies and got a lot of great feedback. It’s going to inform the policy that’s forthcoming in some period of time in the future,” which he doesn’t want to put a deadline on, he said.

That document will be put out for public comment to hear “where we’re missing, where we’re hitting” with the direction of the policy.

The recent passage of the FedRAMP Authorization Act, which codified the program into law, has also bolstered its effectiveness by expanding the Joint Authorization Board and providing a Federal Secure Cloud Advisory Committee in line with the Federal Advisory Committee Act, Myklegard added.

The committee has had two meetings so far with another planned for this month, he said.


“We want to make sure that we’re really close in understanding what challenges the people on the ground are facing, as well as the industry products that are coming to market,” Myklegard said.

Billy Mitchell

Written by Billy Mitchell

Billy Mitchell is Senior Vice President and Executive Editor of Scoop News Group's editorial brands. He oversees operations, strategy and growth of SNG's award-winning tech publications, FedScoop, StateScoop, CyberScoop, EdScoop and DefenseScoop. After earning his journalism degree at Virginia Tech and winning the school's Excellence in Print Journalism award, Billy received his master's degree from New York University in magazine writing while interning at publications like Rolling Stone.

Latest Podcasts