We wanted to make you aware that this morning the FedRAMP program office released a new initiative to accelerate the FedRAMP certification process, adding a FedRAMP Readiness Capabilities Assessment. The goal of this new initiative is to speed up the FedRAMP Ready process, which currently takes between 3 and 9 months to complete.
Under the new plan, providers that want to become FedRAMP Ready will go through a stronger capability assessment that will be completed by a 3PAO in only one to three weeks, instead of the months it currently takes. Upon completion, that assessment will be examined by FedRAMP’s Program Management Office.
If the PMO likes what it sees, the provider should be declared FedRAMP Ready within one week. This will enable CSPs and Agencies to achieve FedRAMP authorizations faster without negatively impacting risk and quality of security packages.
The new process allows third-party assessors to pre-certify FedRAMP applicants in terms of the applicant’s security capabilities. The 3PAO is expected to provide an overall rating of a CSP’s security capabilities (Level I, II, III, IV or V) based on the 3PAO’s detailed analysis of a CSP’s Readiness Capabilities and the 3PAO’s overall experience with cloud-based systems.
The new process is also phasing out the “CSP supplied” compliance route, in the belief that the new process will allow companies to get through more quickly than the old CSP supplied route did.
The FedRAMP Program Management Office (PMO) has published draft guidelines for the new program, part of which is attached. GSA is asking for industry feedback on the new guidelines by April 29, 2016.
Please let us know if you would be interested in commenting on the proposed new guidelines.