RFQ for GRC Solution Released
March 15 | 2024
The General Services Administration (GSA) and FedRAMP have issued a request for quotation (RFQ) (47QPCA24Q0026) for a Governance, Risk, Compliance (GRC) solution to include workflow processing, data analytics, integration, and Artificial Intelligence/Machine Learning (AI/ML) capabilities for the Federal Risk and Authorization Management Program (FedRAMP) authorization review process. eBuy users can access the RFQ by searching for RFQ1683192 on eBuy, which can be accessed using your Max.gov login. Organizations wishing to submit their solution must submit a quote by March 21, 2024.
The GRC Platform is a key component of FedRAMP’s modernization strategy. Our initial focus will be on:
- Shifting from documentation to machine readable, OSCAL-based data
- Providing APIs facilitating system to system integration with our stakeholder community
- Outreach, training, tooling, and technical support to ease onboarding CSPs, agencies, and 3PAOs to the solution
- Refactoring processes to leverage our new capabilities to improve and streamline the stakeholder experience
We expect the GRC Platform to deliver the following initial benefits to CSP, agency, and 3PAO stakeholders:
- Improved speed and transparency in the authorization process, based on data-driven processes
- Automated validation of packages and deliverables to ensure consistency and completeness as early and as frequently as desired
- Centralized continuous monitoring that drives a data-driven security posture and dashboards that can guide risk management decisions
- Simplified inheritance for agencies and Cloud Service Providers to promote and facilitate reuse of cloud services
- A data foundation that enables reciprocity between different security and compliance frameworks.
We thank you again for your collaboration in making FedRAMP a success. If you have any general questions, please email info@fedramp.gov.
