The General Services Administration is taking a phased and calibrated approach to implementing FedRAMP over the next two years, said GSA Associate Administrator of the Office of Citizen Services and Innovative Technologies Dave McClure in a call Wednesday following Tuesday’s release of the FedRAMP Concept of Operations.
McClure said GSA is in the first of four stages in implementing the highly anticipated program that will provide security controls and guide agencies into implementing cloud computing technologies across the government.
“We want to learn, adjust and correct instead of jumpstarting the program and putting everything into it,” McClure said.
McClure described the four stages as:
- The pre-launch stage that the agency is currently in where its goal is to educate the community – both government and industry – on how the program will run, along with addressing any concerns before it becomes operational.
- In June of this year, FedRAMP will launch with an initial operating capability that McClure described as a narrow entry path to the program in an effort to ensure proper progress. “We’ll be kicking the tires, so to speak,” he said. The early available capabilities will likely include infrastructure as a service and email.
- In fiscal year 2013, FedRAMP will have a more open and diverse set of offerings as the government continues to learn best practices for cloud implementation.
- In fiscal year 2014, FedRAMP will reach a more sustainable operating level with the program operating in tandem with previous published security controls.
Agencies have two years to become compliant.
FedRAMP aims to reduce duplicative efforts, inconsistencies and cost inefficiencies associated with the current security authorization process. The program will also establish a public-private partnership to promote innovation and the advancement of more secure information technologies.
By using an agile and flexible framework, FedRAMP will enable the Federal Government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allowing agencies to leverage security authorizations on a government-wide scale.
FedRAMP was first announced in 2010 as part of the Office of Management and Budget’s 25-Point Plan to Reform Federal IT, authored by former Federal Chief Information Officer Vivek Kundra and now OMB Acting Director Jeff Zients.
The White House released a memorandum in December outlining the program that Federal CIO Steven VanRoekel said will save the government 30 to 40 percent on cloud computing costs.