18F’s cloud.gov has now been authorized by the Federal Risk and Authorization Management Program, making it the first fully open-sourced solution to complete the process, the General Services Administration announced Thursday.
Getting a provisional authority to operate from FedRAMP took cloud.gov 23 weeks, eight of which were spent by 18F‘s team on “efforts to improve some technical and operational aspects, including additional monitoring and alerting, team training, automation and formalized policies and procedures.” FedRAMP is the government’s process for evaluating the security of cloud providers. 18F is run by the GSA.
GSA calculated that the Joint Authorization Board spent 15 weeks on actually reviewing cloud.gov, according to a GSA blog post. It took around the same time for Microsoft’s Customer Relationship Manager Online — the first solution to get a provisional authority to operate via the Accelerated process.
“cloud.gov gives federal teams a fast and easy way to host and update websites (and other web applications), so they can focus on their missions instead of wrangling the infrastructure and compliance requirements common to federal systems,” according to the blog post.
Agencies can more quickly authorize cloud.gov for security and compliance because of the P-ATO, the FedRAMP team wrote in the post.
“cloud.gov is also a building block for vendors and contractors that supply services to federal agencies,” the post notes. “They can submit proposals to agencies for services to be built on top of cloud.gov, which benefit from these reduced technical and compliance burdens.”