by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : April 30, 2016
The General Services Administration is retooling the Federal Risk and Authori- zation Management Program in hopes of dramatically shortening the time it takes to get a cloud service reviewed and approved for agency use. FedRAMP Director Matt Goodrich detailed the changes — which came after a six-month review of the cur- rent processes that involved discus- sions with more than 80 stakeholder groups — at a March 28 kickoff event. The most notable change is a shift to surveying cloud service providers’ capabilities upfront rather than the expensive and time-consuming pro- cess of requiring and then reviewing extensive documentation. Goodrich unveiled a proposed FedRAMP Readi- ness Capabilities Assessment that he said CSPs could complete in less than a month — and the FedRAMP program management office could review within a week. The FedRAMP process has some- times frustrated cloud service provid- ers and agencies alike, largely because of the time and expense involved in securing a provisional authority to operate. The fastest FedRAMP approv- al to date took five months, Goodrich said, but most reviews are taking nine to 18 months. A fast lane for FedRAMP ransomware attempts were documented at 29 federal agencies in the last half of 2015 321 Trending Although resource constraints are part of the problem, the main issue seems to be the documentation-driv- en process. The new approach, called FedRAMP Accelerated, will require CSPs to have a third-party assess- ment organization conduct the ini- tial capabilities assess- ment before diving into detailed documenta- tion. If the 3PAO gives the CSP passing marks and the FedRAMP team agrees, the CSP will be declared “FedRAMP ready” — a designation Goodrich said will give agencies confidence that the service will be approved for use in rela- tively short order. The CSP will then be required to complete a full FedRAMP Security Assessment before moving on to the Joint Authorization Board for approval. That, too, is a change from the current approach but one Goodrich said was crucial to ensur- ing faster approvals. GSA officials said the approach should reduce the overall approval time to six months and possibly as little as three months — which would, in turn, give agencies access to a broader range of CSPs more quickly. The new process is currently being tested with three CSPs: Unisys, Micro- soft and GSA’s 18F. The trials began in March and will continue until June or so. Assuming no major problems, the new method would then be available for other providers. Goodrich stressed that the new approach is only for Joint Autho- rization Board reviews, and agencies still have the option of sponsor- ing their own FedRAMP authorizations, though he hoped they would see the benefits of FedRAMP Accelerated and choose to use it. The third path to FedRAMP approv- al, however — the so-called CSP Sup- plied process in which a provider tests and documents without a government sponsor — is going away. CSPs with such efforts already underway can submit completed packages until April 29. After that, companies will have to shift to the Joint Authorization Board/ FedRAMP Accelerated approach. — Mark Rockwell FCW CALENDAR GIS Director of National Intelligence James Clapper, NGA Director Robert Cardillo and Undersecretary of Defense for Intelligence Marcel Lettre will keynote at the GEOINT 2016 Symposium. Orlando, Fla. geoint2016.com Cybersecurity The Navy’s Troy Johnson, FEC’s Esteve Mede and GSA’s Jim Piché are among the speakers at this FCW event on implementing the Continuous Diagnostics and Mitigation Program. Washington, D.C . fcw.com/cdm2016 5/15-18 5/11 Risk management ACT-IAC’s Management of Change conference will focus on “IT at a Crossroads: Managing Risk Through Transformation,” with discussions of analytics, solution sprints and disruptions in government. Cambridge, Md. is.gd/FCW_MOC16 5/22-24 FedRAMP Director Matt Goodrich unveiled programs that will speed review and approval times, among other improvements. ZAIDHAMID April 30, 2016 FCW.COM 3 0430fcw_003-009.indd 3 4/5/16 4:22 PM
April 15, 2016
May 15, 2016