After recently celebrating our Fifth Birthday and logo update, the FedRAMP PMO is excited to announce a few more changes to our website in the form of a new blog series and newly created Tips & Cues page. In the interest of communicating information about how to best work with FedRAMP regularly, we will be introducing a series of multi-part blogs. These series will be published weekly, in addition to any programmatic updates that occur.
This week we’re excited to celebrate FedRAMP’s fifth birthday! The program has come a long way over the past five years, as we have been able to grow and transform the program to continue meeting our partners’ evolving needs. FedRAMP achieved initial operational capability in 2012. We launched FedRAMP.gov that year as our primary communication and outreach channel. Since then, we have continued to iterate based on the voice of the customer and have expanded our outreach to include such activities as training, weekly tips, a user-centered marketplace and dashboard, and the Focus on FedRAMP blog.
If you’re a program manager or a federal web developer you’ve probably been given a seemingly simple task: Create a basic website as part of a new initiative at your agency. The hardest part is often not crafting the content or designing the prototype, but getting the security and privacy compliance in order to launch and maintain the actual website’s compliance status. For that work, you might have to hire a contractor or put extra strain on your agency’s web team.
We wanted to share some high-level guidance for CSPs and 3PAOs we created with the JAB teams to provide insight into the different roles and responsibilities for 3PAOs and CSPs in our authorization process. These roles and responsibilities were created and refined over the last year as we refined the JAB’s authorization process through FedRAMP Accelerated. The CSP’s role (189 kb PDF, 1 page) in the JAB authorization process is to ensure their service offering meets the NIST/FedRAMP requirements through the implementation and documentation of security controls.
To folks new to government, one of the most surprising differences between our work and work in the private sector are the barriers in accessing commercially available software, and commercially available Software-as-a-Service (SaaS) in particular. There are good reasons for these barriers: the government places premiums on considerations such as security, privacy, accessibility, license management, and competition. It takes great care to work within those considerations while also providing digital teams with great tools to get work done.
DigitalGov University (DGU), the events platform for DigitalGov, provides programming to build and accelerate digital capacity by providing webinars and in-person events highlighting innovations, case studies, tools, and resources. Thanks to your participation, DGU hosted over 90 events with 6,648 attendees from over 100 agencies across federal, tribal, state, and local governments. DGU strives to provide training throughout the year that is useful and relevant to you. One of the most resounding comments from digital managers last year was people wanted to be able to attend all of our classes virtually.
Many of our cloud service providers (CSPs), federal agencies, and third party assessment organizations (3PAOs) often share common issues and questions when going through the FedRAMP process. To help guide our stakeholders, we will be providing weekly tips and address frequently asked questions and concerns. Email us potential tips and questions that you would like published as a tip. Cloud Service Providers (CSPs) Question: Why should CSPs spend time and money developing high quality documentation when their goal is to become FedRAMP Authorized?
On September 8th, the General Services Administration (GSA) held a Technology Industry Day to talk to industry leaders about the products and solutions developed by our agency and to hear feedback on how we can better engage industry. We’re thrilled that more than 300 members of the technology industry in person and via the live stream were able to join us for this first step towards a closer partnership and more open lines of communication about how we can work together to transform federal technology.
Private industry and government came together to find best ways to deliver 21st century technology to federal agencies. On September 8, 2016 Administrator Denise Turner Roth of the U.S. General Services Administration (GSA) hosted the first-ever Technology Industry Day to provide a better understanding of GSA’s path to improve the government’s outdated technology systems. The event featured how GSA buys, builds and shares technology for the federal government. “The General Services Administration has a long history of being a strong leader in adopting technology in government,” said Administrator Roth when giving her opening remarks at GSA’s Technology Industry Day.
One of the questions we get asked the most at FedRAMP from our vendors is: “How much will it cost me to get through FedRAMP?” One of the reasons this is a hard question to answer is that comparing cloud providers to each other isn’t even like trying to compare apples to oranges – those are both at least fruit. Comparing a global content distribution network to a government only ticketing and CRM solution and then comparing to a web-based agile project management tool is like comparing an apple to a bike to a television.
The General Services Administration (GSA) is known for managing federal real estate and leveraging the government’s buying power to get the best deal for taxpayers, but it also drives and leads technology and innovation within the federal government. The Technology Transformation Service (TTS) builds, buys and shares tech to help federal agencies achieve their mission. They create better services for citizens everyday. TTS works closely with the Federal Acquisition Service (FAS) and the GSA CIO to be first movers in and apply agile technology in a meaningful way.
We’re incredibly excited to announce the launch of the new FedRAMP Marketplace dashboard! It’s loaded with all sorts of ways for you to see how everyone is participating with FedRAMP! When we launched the FedRAMP Marketplace about 3 years ago, our intent was to create a place for agencies and cloud service providers (CSPs) to connect. As FedRAMP has grown, so has our marketplace. It’s become a space where all of you interact – CSPs, agencies, and third party assessment organizations (3PAOs) – and in more than just a one way interaction.
Many of our cloud service providers (CSPs), federal agencies, and third party assessment organizations (3PAOs) often share common issues and questions when going through the FedRAMP process. To help guide our stakeholders, we will be providing weekly tips and address frequently asked questions and concerns. This week’s tips come from FedRAMP’s Accelerated event. Read the full list of questions asked during FedRAMP Accelerated here. Send potential tips and questions that you would like published as a tip [via email].
Three years ago, GSA’s Office of Citizen Services and Innovative Technologies (OCSIT) set out to design a system to consistently measure customer satisfaction across our office. We were inspired by the Digital Government Strategy, which tasks agencies to adopt a customer-centric approach to service delivery. Armed with tools such as the Digital Analytics Program (DAP), which offers guidance on common customer satisfaction metrics, we developed a Government Customer Experience Index (GCXi) for OCSIT.
On Wednesday, March 11, FedRAMP unveiled a redesigned FedRAMP.gov. The new site focuses on user experience that fosters a better understanding of FedRAMP from basic knowledge, to in-depth program requirements and includes the launch of a training program. User experience is at the heart of the website redesign. Using feedback from customer interviews, the new FedRAMP.gov is easily navigable and helps visitors: Understand FedRAMP and its strategic direction Quickly find current templates and other key documents Access educational opportunities and information on FedRAMP events The FedRAMP team addressed these objectives and many others developing the website.