GSA looks to automate FedRAMP authorizations

The Federal Risk and Authorization Management Program, or FedRAMP, has unveiled a request for information for ways to streamline the process it uses to authorize cloud service providers.

The July 11 request outlines the information FedRAMP is seeking from industry on how to automate the process for granting authority to operate, or ATO, to cloud service providers. The ATO process has been criticized for the length of time it takes for providers to be approved.

GSA, which manages FedRAMP, says it’s been working with two new White House bodies — the Office of American Innovation and American Technology Council — to improve the ATO process. The RFI specifically asks for commercial off-the-shelf solutions.

“Ideally, the government is looking for tools that are already available, rather than conceptual tools, that could be used to automate the process, and support federal priorities already underway like the Continuous Diagnostics and Mitigation (CDM) as well as Ongoing Authorizations priorities managed by the Department of Homeland Security.”

The RFI asks industry stakeholders to answer a series of questions:

• What tools do you offer to government agencies that automate any or all of the security authorization process?
• What is the deployment model of your solution? i.e. multi-tenant cloud offering or is it an on- premise solution?
• Where and how have customers used these tools in the past for automation?
• Describe your tools interoperability with other tools – both for data inputs and outputs, as well as competing tools.
• How can agencies buy your service?
• What questions aren’t we asking that we should be asking? What recommendations do you have for us as we consider automating the ATO process?
• Would you be willing to provide a demonstration of capabilities?

Interested stakeholders have until July 25 to submit their responses.