As many of you are aware, there are some significant changes coming to FedRAMP. While the specifics are still uncertain and rumors continue to circulate, there are a couple of things we know for sure: The level of support from the GSA and the FedRAMP office will be changing, and Cloud Service Providers (CSPs) are going to be seeing a shift in how they work with federal agencies.
While these changes may initially seem startling and cause some anxiety, it’s important to remember that this shift has already begun much earlier. About six months ago, it was announced that the Joint Authorization Board (JAB) would be phased out. This change left many CSPs, who were pursuing JAB authorization, scrambling to find a new path forward. Fortunately, the FedRAMP PMO (Program Management Office) stepped in to help these CSPs find agencies that could continue the authorization process. However, the changing landscape at GSA is taking a minimalist approach to FedRAMP authorization and shifting the burden from the PMO to the agencies.
At 38North Security, we’ve had the privilege of working with a number of customers who found themselves in this exact situation, helping them navigate the evolving FedRAMP landscape. As more changes unfold, it’s becoming clear that we are returning to a model where Cloud Service Providers will need to engage more directly with federal agencies.
Anxious about navigating the new FedRAMP landscape? Let us walk you through the changes. Get in touch with us today.
The Growing Importance of Agency Relationships
What does this mean for CSPs? Quite simply, it means that relationships are more important than ever. The shift away from a PMO-focused approach to a more agency-focused model is likely to change how CSPs interact with agencies, and it’s critical that these relationships are nurtured and maintained.
Agencies will now bear a larger responsibility for continuous monitoring, even though they were always supposed to be handling this at the agency authorization level. Therefore, CSPs will need to work much more closely with agencies to ensure that all FedRAMP requirements are met, and continuous monitoring is handled properly.
Understanding Agency Requirements from a FISMA Perspective
In addition to navigating the complexities of FedRAMP, CSPs will need a deeper understanding of agency requirements from a FISMA (Federal Information Security Modernization Act) perspective. Because agencies are going to have more oversight over the authorization and continuous monitoring process, having a good understanding of FISMA will help CSPs address the requirements that directly impact their FedRAMP authorizations.
CSPs who maintain strong relationships with agencies may find that significant change requests are easier to handle. Conversely, those without strong agency ties could face additional hurdles that could slow down or complicate their FedRAMP processes.
How 38North Security Can Help: Streamlining Processes and Communication
At 38North, we have extensive experience helping customers navigate the changing dynamics of FedRAMP and the federal contracting environment. With years of experience working directly with federal agencies, we understand the importance of developing streamlined processes and procedures for effective communication and reporting to agency reviewers. Additionally, we have been performing and supporting FISMA assessments and authorization processes at several agencies and service providers with FISMA requirements under contract with agencies.
Our team has successfully assisted CSPs by guiding them through the challenges of working with agencies, helping them better understand how to meet agency-specific requirements. We are dedicated to helping our customers facilitate a smooth transition as FedRAMP becomes more agency-centric, and we’d love to talk to you about how we can assist you in this new landscape.
Conclusion
Although the shifting landscape of FedRAMP may initially feel overwhelming, those who are prepared to engage directly with agencies and understand the evolving requirements will be well-positioned for success. The changes may be significant, but with the right support, you can navigate them effectively. If you’re facing these challenges and need help with the transition, don’t hesitate to reach out to 38North. We’re here to guide you through these changes and ensure your continued success.
