GSA names 7 leaders to inaugural FedRAMP board
The move comes as GSA and OMB modernize the cloud security program to implement recent legislative changes.
The General Services Administration is updating its signature cloud authorization program to feature a new board to take charge of provisional approvals.
The Federal Risk and Authorization Management Program Board is replacing the Joint Authorization Board as part of a series of changes under recent legislation that enshrines the program in statute. The legislation and subsequent draft guidance from the Office of Management and Budget are designed to create more pathways to authorization for cloud providers and to make it easier for agencies to team up to review solutions in the fast-growing software-as-a-service category.
"The FedRAMP Board intentionally comprises members from across government, bringing diverse perspectives from the frontlines of cyber and IT modernization efforts,” Drew Myklegard, the deputy federal CIO, said in a statement. "By harnessing their collective expertise, the board will play a vital role in adapting the FedRAMP Program to address the evolving cyber landscape and enable the accelerated adoption of secure cloud technologies across the government."
New board members are: Venice Goodwine, Air Force CIO ; Bo Berlas, GSA chief information security officer; Carrie Lee, deputy CIO at the Department of Veterans Affairs; David McKeown, defense department deputy CIO for cybersecurity; Hemant Baidwan, Department of Homeland Security chief information security officer; Sylvia Burns, CIO and chief privacy officer at the Federal Deposit Insurance Corporation; and Christopher Butera, senior technical director for the cybersecurity division at the Cybersecurity and Infrastructure Security Agency, housed at DHS.
The FedRAMP Authorization Act also prompted the development of a new roadmap for the program, released in March 2024. Its leaders pledged to reorient the program around customer service to set clear security expectations for vendors seeking authorization, streamlining reviews and using machine-readable tools to digitize the authorization process.
"While SaaS applications are used in government, and FedRAMP does have some in its marketplace, it’s not nearly enough and it’s not working the way that it should," the agency said in a statement announcing the March roadmap. "We know that for many companies, especially software-focused companies, it takes too much time and money to get a FedRAMP authorization. And we’re particularly cognizant that we need to scale and automate our own processes beyond where they’re at now if we want to meaningfully grow the FedRAMP marketplace."