Welcome to another episode of FedRAMP in five – where we discuss all things FedRAMP in about five minutes. I'm Jason Shropshire and joining in with me is Ryan Adcock. Today, we're going to discuss some recent transformations we're witnessing in the FedRAMP and the DoD space.

Firstly, we explore the authorization wait times and timelines on both sides. We've noticed a recent increase in FedRAMP wait times, potentially due to the reorganization within GSA and leadership changes in FedRAMP, the dissolution of the Joint Authorization Board (JAB) and the delay in the issuance of guidance from OMB. In particular, we've seen the queue times increase over the past year. 

Secondly, its important to note that the traditional pathway for CSPs eyeing both civilian branch agency and DOD opportunities was to first aim for the FedRAMP ATO, followed by the DOD PA process. With the DoD reciprocity memo that was established in 2019, the DoD pretty much stopped accepting direct IL2 PAs, preferring that CSPs pursue FedRAMP instead, while DoD would focus on IL4 and IL5. This in-effect established a one-way reciprocity. However, in DoD's focus on IL4 and IL5, CSPs going this direction could find it difficult to convince their particular Mission Owner to help them through the process to get listed back in FedRAMP Marketplace. 

Now coming up to recent events, we need to discuss the recent memorandum M-24-15 and its implications. The memo from OMB is supportive of FedRAMP developing multiple pathways for reciprocity. The Modernization Roadmap released by FedRAMP includes mention of implementing a low-review process with "trusted authorization partners," and specifically mentioned a pilot with the DoD. This clearly implies the possibility of a more clear two-way reciprocity between FedRAMP and DoD. 

This element of reciprocity may be interpreted as a pathway for CSPs with a DoD PA to be listed in the FedRAMP marketplace – a promising prospect for those coming down that pathway.

The second point of interest is about CSPs who are already underway on the DoD provisional authorization journey. Here, changes could come into effect due to modifications driven by the recently passed law, guidance coming from OMB, and the modernization roadmap. This could pave a better pathway for such CSPs to be listed in the FedRAMP Marketplace.

And this is coming at a time when we are seeing faster review times on the DoD side. While this might not have always been the case, we have seen these times plummet in the past year, although we will warn that your mileage could vary based on the command you are working with.

All of this sets up the potential for a new path to FedRAMP authorization, combining the potential shorter review times that we've seen on the DoD side with the potential for reciprocity with the coming low-review process. If you have an eager Mission Owner within DoD we suggest a conversation with us on how we can use these current events to get your innovative cloud service into the hands of your Federal customers.

Another potential impact is the potential for a retroactive review of DoD authorized CSPs who are not in the FedRAMP marketplace. This reciprocity could be a significant gain, even a game-changer, as it offers new ways for innovative cloud services to penetrate government markets at scale. This also may tip the scale for CSPs who have been unwilling to invest in FedRAMP or DoD authorization previously, as reciprocity could open a broader range of opportunities at a lower overall cost of entry. 

It's an exciting time to be in the FedRAMP space. We'd love the opportunity to chat with you about this or any other topic on your FedRAMP / DoD authorization journey.  If you have any further queries or would like to learn more about FedRAMP and DoD authorization processes, please get in touch!