The Federal Risk and Authorization Management Program (FedRAMP) is evolving to streamline and enhance its cloud security framework for federal agencies and cloud service providers (CSPs). The latest updates, stemming from two significant announcements, signify critical shifts in FedRAMP’s authorization process, which aims to promote efficiency, security, and scalability for cloud solutions used across government agencies.

This article explores these new developments on a single authorization pathway through the Joint Authorization Board (JAB) and broader modernization efforts within FedRAMP.

Read More

Recently, FedRAMP announced that, per stakeholder feedback, the federal market’s needs for cloud SaaS products are not being met. A significant part of this is the program’s bottleneck. 

To address this issue, the Office of Management and Budget (OMB) has released a draft memo offering significant program changes, including updates to infrastructure, leadership, and authorization. 

This article will briefly overview this new roadmap based on the information currently available to the public. 

Read More

Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements.

The new guidance addresses new attack vectors targeting subsystems in IT infrastructure. 

Here, we’ll cover his newest draft about new guidance standards for FedRAMP penetration testing.

Read More