FedRAMP certifies a major player

The General Services Administration has authorized a second company to provide secure cloud products and services.

An agency official announced Jan. 31 that CGI Federal has been certified by the Federal Risk and Authorization Management Program's (FedRAMP) Joint Authorization Board. The certification endorses the company as a secure cloud service provider (CSP) for offering services through GSA's Infrastructure as a Service blanket purchase agreement.

CGI and Autonomic Resources are the only two companies that have earned Joint Authorization Board approval. FedRAMP provides a standardized approach to cloud security assessment, authorization and monitoring and eliminates the need for agencies to perform their own security assessments.

"Having a small and large business now authorized demonstrates how FedRAMP works for all CSPs," wrote David McClure, associate administrator of GSA's Office of Citizen Services and Innovative Technologies, on “The GSA Blog” Jan. 31.

"This second authorization will further accelerate federal adoption of secure cloud solutions by providing a consistent, efficient security authorization process that can be leveraged by agencies across government," McClure wrote.

FedRAMP's certification process is in its initial operating phase, but he said he expects it to reach full speed this spring.

In related news, GSA recently hired Maria Roat to be FedRAMP director. Roat, who had been the Federal Emergency Management Agency’s deputy CIO, has extensive experience in cybersecurity.

More than 80 CSPs have applied for FedRAMP's provisional authorization, and more than 50 companies have applied to third-party assessment organizations for review, with 16 being accredited to date. The Joint Authorization Board, composed of CIOs from GSA and the departments of Defense and Homeland Security, conducts its assessments after companies have been approved by the third-party organizations.