Future of FedRAMP
FedRAMP Hits Its Stride
With the passing of the June 5 deadline for agencies to ensure that their cloud services are compliant with the Federal Risk and Authorization Management Program (FedRAMP), the government's Cloud First initiative begins to move beyond "ramp up" and into a more mature operational phase. But the program will not be static. FedRAMP 2.0 will incorporate new controls from NIST's revised catalogue in SP 800-53, there will be increased emphasis on continuous monitoring of configuration rather than periodic certification, and agencies still must ensure that cloud services comply with security requirements beyond those of FedRAMP.
This report examines what agencies and service providers can expect from FedRAMP going forward, and the outlook for the cloud model most in vogue with private sector CIOs, hybrid. (S8120914)