FedRAMP Focuses on Agency Security Experts for Authorizing Cloud Services

ESB Professional/Shutterstock.com

The FedRAMP office is set to host another ISSO training day.

The Federal Risk and Authorization Management Program is hosting its third day-long training for federal agency information system security officers on Monday, Aug. 27. FedRAMP hosted its second ISSO training day last month at the General Services Administration’s downtown office in Washington, D.C. More than 70 ISSOs from over 29 federal agencies attended the May training.

Joanne Collins Smee, deputy commissioner of GSA’s Federal Acquisition Service and the director of the Technology Transformation Services, opened the event. “One of my primary focus areas is to promote cloud adoption as a means for government agencies to achieve their missions in the most efficient way without compromising rigorous standards,” said Collins Smee. “It is imperative that we host forums like these to share cross-agency best practices. The people here today represent the ‘front line’ of security and we want to make sure you have the information and resources you need to successfully navigate FedRAMP.”

Agency ISSOs have the important responsibility within the government to review a vendor’s FedRAMP authorization package to determine if the technical architecture and security posture adequately protect federal information. Their review is a critical milestone in order for the agency to use any given cloud system and for vendors to achieve a FedRAMP Authorization.

The May ISSO training was just one of FedRAMP’s 2018 "Year of Refinement" initiatives, a strategic push the program office created to empower government agencies to work with industry partners to authorize their cloud products. The day covered best practices for partnering with cloud service providers and setting the authorization up for success. For the benefit of industry partners, there was also an interactive, deep-dive on FedRAMP’s Agency Authorization process, based on the newly released FedRAMP Agency Authorization Playbook.

If you have not been able to attend one of the prior FedRAMP Agency ISSO training days yet, you can attend the August 27th session at GSA HQ. The full-day event will feature a step-by-step overview of the FedRAMP process, in-depth review of the various technical security requirements, and an interactive analysis of the FedRAMP deliverables and what to expect as a reviewer. Additionally, best practices and lessons learned will be shared by multiple agencies talking about their journeys in cloud technologies and how to best partner with industry throughout the FedRAMP authorization process.

If you have questions regarding FedRAMP, or if you are an agency ISSO and would like register for the upcoming training on Aug. 27, please contact the FedRAMP program management officer at info@fedramp.gov.

Ashley Mahan is the General Services Administration’s first evangelist for FedRAMP.