Today, FCAB submitted our response to the OMB's draft document on FedRAMP changes. Attached is our comments with a bonus section of things we wished were addressed at the end. Our members worked really hard on this response for months and we appreciate everyone that contributed to this response. Here's to making FedRAMP easier for all in the New Year!
Federal Cloud Advisory Board
科技、信息和网络
A non-profit group committed to improving the Federal Risk and Authorization Management Program (FedRAMP)
关于我们
Welcome to the FedRAMP Advisory Board We are a group of senior cybersecurity professionals trying to improve FedRAMP. This group was initially formed as a result of a group discussion where we discussed the procedural and bureaucratic challenges regarding FedRAMP, mainly from a CSP perspective. Notes from that first discussion can be found at https://federalcab.org/debut-call We’re in the early stages of kicking off two separate work streams: A relatively short-term effort that involves collecting and distilling various CSP experiences with the FedRAMP process, focusing on the areas in which suboptimal experiences are shared. The current desire is for the output of this work to be shared publicly through multiple mediums, including a jointly written whitepaper, podcast discussion, presentation to the PMO, or even a conference panel. Sponsorship, whether it’s about finding a sponsor or about a federal agency finding it burdensome to sponsor. Interactions with the PMO and the common problem of inconsistency Typical challenges when dealing with a 3PAO on either the advisory or audit side A longer-term effort, which has the potential of taking years, is centered around working with industry and government to develop something akin to a FedRAMP sandbox which should allow for easier vetting of CSPs by government agencies without them needing them to commit to sponsorship during that initial testing phase fully.
- 网站
-
https://federalcab.org/
Federal Cloud Advisory Board的外部链接
- 所属行业
- 科技、信息和网络
- 规模
- 11-50 人
- 类型
- 非营利机构