Federal officials have released a playbook intended to make it easier — and quicker — for agencies to procure cloud computing tools through the government’s first ever set of standardized security controls for cloud.
The the latest effort to streamline the Federal Risk and Authorization Management Program comes as the White House has issued a call for agencies across the government to migrate more workloads to the cloud.
FedRAMP was launched in 2011 to accelerate cloud adoption in the federal government by providing security controls that ultimately dictate baseline standards that cloud firms have to meet. But the program hasn’t been fully embraced by all federal agency CIOs, and cloud vendors have also taken issue with inconsistent or unclear requirements.
The playbook is intended to give agencies “step-by-step guidance, best practices, and tips to successfully implement the FedRAMP cloud acquisition authorization process,” essentially providing a road map to navigate the government’s cloud authorization process.
“We developed the Agency Authorization Playbook by combining these best practices and tips with step-by-step guidance that agencies can follow to implement the process to grant an agency ATO,” the FedRAMP office said in a blog post. “We hope this will help promote transparency and set consistent expectations for all involved.”
The playbook is part of a broader effort to get agencies to move to the cloud with more speed and efficiency, as government spending on cloud tools is projected to increase under a budget proposal released last year. In fiscal 2018, federal government spending on cloud is expected to increase by about $1.2 billion from the previous year to more than $9 billion.
And the playbook is not the only effort underway to bring more clarity to FedRAMP.
The General Services Administration has released a request for information asking for examples of “preferred contract language” to incorporate into federal requirements to make it more efficient for agencies to buy cloud computing tools.
The GSA is attempting to create contract language guidance for agencies to use in their cloud acquisitions through the Federal Risk and Authorization Management Program.