Ross Nodurft, executive director of the Alliance for Digital Innovation, issued the following statement in response to the draft memorandum for public comment released by Shalanda Young, director of the Office of Management and Budget (OMB) on Modernizing the Federal Risk Authorization Management Program (FedRAMP):
“At first glance, this memo demonstrates that OMB and GSA have heard the pain points raised by industry and their agency customers. This reauthorization of the FedRAMP program by OMB is clearly focused on empowering agencies to leverage commercial cloud products and services. ADI is pleased that OMB and GSA are focused on removing some of the legacy barriers to authorization and opening different pathways to achieve an Authority To Operate (ATO), all with the intention of providing federal agencies with as robust a cloud commercial marketplace as possible. OMB and GSA are stating clearly that they want to provide a secure, risk focused pathway for agencies to modernize their information environments and enable mission owners to leverage the latest innovative commercial technology.
Given some of the substantive structure changes, there are many questions to answer for those companies who are in various stages of the authorization process – Joint Authorization Board (JAB) or agency. It is important to recognize the investments companies are making to partner with federal customers and ensure that those companies in the authorization process are not penalized with a FedRAMP restructure. Additionally, it will be important to ensure that changes and updates with the program are aligned across the government, to include the Department of Defense. We welcome the opportunity to continue engaging with OMB and GSA on the specifics in this memo and are encouraged by the direction articulated in this initial draft.”