Skip to main content

FedRAMP News and Updates, May 28, 2024

Today, we're going to delve into some recent and significant developments within the FedRAMP space.

Background: FedRAMP Authorization Act

To understand the present, we need a bit of context. Let's rewind to December 2022, when the FedRAMP Authorization Act was signed into law as part of the National Defense Authorization Act. This legislation, championed by figures like Jerry Connolly and supported in a bipartisan manner, took years to materialize. Its purpose was to codify the FedRAMP program, laying the groundwork for the transformative changes we are witnessing today.
https://www.fedramp.gov/blog/2023-01-11-announces-passing-fedramp-auth-act/

The FedRAMP Roadmap

A few months back, the FedRAMP roadmap was released, and we've been unpacking its goals and implementation strategies in our current series. This roadmap is particularly aggressive yet essential to increasing the program's capacity and keeping up with the rapid pace of technological innovation. The ultimate objective is to ensure that the government has access to cutting-edge technology.
https://www.fedramp.gov/2024-03-28-a-new-roadmap-for-fedramp/

FSCAC Change
Recently, we’ve seen incremental news regarding membership changes and new appointments to the FedRAMP Secure Cloud Advisory Committee (FSCAC). Notably, a CISO from Project Hosts, a small business, has joined the FSCAC, a great step towards diversified representation.
https://www.gsa.gov/about-us/newsroom/news-releases/gsa-announces-membership-changes-to-federal-secure-05082024

FedRAMP Board Launched
We've also witnessed the formation of the FedRAMP Board, which marks a pivotal shift. The board includes new agencies and faces like the VA, Air Force, FDIC, and SSA, in addition to the existing members from DHS, DOD, and GSA. This expansion not only increases the board's size but also its range of agency involvement. 
These changes could potentially lead to the creation of joint authorization groups based on specific interests such as healthcare, finance, or law, thereby promoting a shared responsibility model for authorizations.
https://www.gsa.gov/about-us/newsroom/news-releases/fedramp-board-launched-to-support-safe-secure-use-05142024


The Launch of the Technical Advisory Group
Just this week, the Technical Advisory Group (TAG) was launched. Comprising program managers, engineers, and advisors from various agencies, the TAG is set to address pain points and solve authorization challenges. Seeing those on the front line actively involved promises great strides in improving the process.
https://www.gsa.gov/about-us/newsroom/news-releases/fedramp-launches-technical-advisory-group-to-help-05212024

Embracing AI for Efficiency
One of the most exciting recent developments is the GSA's exploration of leveraging AI to expedite the FedRAMP authorization process. This idea surfaced during an AI workshop hosted by NextGov, where Ryan Palmer from the PMO elaborated on using AI to streamline review cycles. For instance, large language models could handle initial review phases, reducing the back-and-forth between the PMO and CSPs.

In the industry, we’re already looking at using AI to generate System Security Plans (SSPs) and leveraging configuration guidance to outline best practices. It makes sense for FedRAMP to adopt similar methodologies to enhance their review process efficiency.
https://www.meritalk.com/articles/gsa-looking-to-ai-to-speed-up-fedramp-process/

InfusionPoints and the Future
With InfusionPoints' recent release of Command Center, we're at a fascinating juncture. We are looking at introducing AI capabilities into Command Center now for building SSPs and full OSCAL capabilities for our XccelerATOr and XBU40 customers. It's an exhilarating time to be in the FedRAMP program, with several authorizations currently underway.

That wraps up this edition of FedRAMP in Five. We hope you found these updates insightful.