The Federal Risk and Authorization Management Program (FedRAMP) is entering its teen years, having been established in 2011. Just as age 13 brings a host of changes for humans, it's also proving to be just as momentous for the program that provides a standardized, government-wide approach to security assessment, authorization, and continuous monitoring for cloud products.
FedRAMP has evolved to meet the growing importance of cloud services to the daily operations of the government. However, the speed at which FedRAMP grants cloud service status has consistently been an issue. In 2022, Congress enacted the FedRAMP Authorization Act, making FedRAMP law. The bill included a laundry list of modernization steps for the program to speed up its work and expand its capacity, including through the use of more automation technologies. There have been a number of modernization efforts this year, implemented to help FedRAMP meet the demands of agencies and live up to its promise as a secure way to deploy cloud in government. Continue reading