FedRAMP Forward

Big changes are ahead for the Federal Risk Authorization Management Program, known as FedRAMP. A new two-year roadmap released in December details more than 40 initiatives aimed at accomplishing three overarching goals for the federal cloud security program: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies, while focusing on risk management rather than compliance.

Called FedRAMP Forward, the new roadmap will also ensure that the cloud security program is implemented more consistently, and it will clear up agency misconceptions that restrict competition among cloud providers vying for federal business. The roadmap groups initiatives in six-, 12-, 18- and 24-month intervals.