Listen to the Deep Dive of this post
Accelerating Cloud Adoption: GSA Announces FedRAMP 20x
The U.S. General Services Administration (GSA) has announced a significant step forward in streamlining the adoption of cloud technologies across federal agencies with the introduction of FedRAMP 20x. This new initiative aims to revolutionize the Federal Risk and Authorization Management Program (FedRAMP) by focusing on a cloud-native approach to authorizations. The goal is to make the authorization process simpler, easier, and cheaper while continuously enhancing security.
Recognizing the need for improvement in the partnership between the government and the commercial cloud industry, GSA Acting Administrator Stephen Ehikian emphasized the commitment to cutting waste and adopting the best available technologies to modernize the government’s aging IT infrastructure. FedRAMP 20x is designed to provide agencies with access to the latest technology much faster than the current process allows.
FedRAMP 20x is built on several core principles:
- GSA will lay the groundwork for private sector innovation by making it easier for cloud providers to adopt modern security practices and demonstrate their leadership in secure cloud solutions. Public working groups will be held to gather industry input and provide technical guidance.
- Bureaucracy will be reduced through automation, addressing the current time-consuming and manual paperwork involved in obtaining FedRAMP approval, which is mandatory for all federal agency cloud services.
- The initiative aims for faster and more secure cloud adoption, significantly reducing the months or even years it currently takes for a cloud provider to get FedRAMP approval, with a target of approvals in weeks for new cloud services.
- Flexibility and collaboration will be enhanced by building on existing trust and facilitating more direct interaction between providers and agencies, moving away from FedRAMP traditionally acting as an intermediary.
Thomas Shedd, Technology Transformation Services Director and Deputy Commissioner of the Federal Acquisition Service, highlighted that FedRAMP 20x is not just modernizing a process but reimagining federal cloud security and empowering agencies to determine their own risk posture.
Key changes being implemented to accelerate the program include:
- No federal agency sponsor will be required for simple, low-impact service offerings.
- Unnecessary and duplicative paperwork will be eliminated.
- Turn-key adoption will be available for simple, cloud-native environments.
- Security requirements will be engineer-friendly and easier to implement.
- Authorization is expected within weeks for most cloud offerings.
Carrie Lee from the Department of Veterans Affairs expressed excitement about FedRAMP 20x, noting its potential to streamline processes through automation and modern technologies, leading to faster and more secure cloud adoption across federal agencies. This initiative is expected to lower vendor costs, increase competition, and build greater trust with the industry.
The private sector has also expressed positive feedback, anticipating increased government efficiency and faster adoption of secure, innovative technologies. Cloud Service Providers (CSPs) appreciate the move towards less bureaucracy and a shift where the government acts more as a consumer.
FedRAMP 20x represents a significant step towards a more efficient and secure federal cloud landscape, promising faster access to cutting-edge technology for government agencies and ultimately better services for the American people.
Tags: FedRAMP, cloud computing, government, GSA, technology, security, authorization, FedRAMP 20x, cloud adoption, IT modernization, federal agencies, innovation, automation, cybersecurity, cloud service providers