FedRAMP Agile Delivery Pilot Update
September 27, 2024
FedRAMP is Moving Forward With Our Agile Delivery Pilot
We have selected six Cloud Service Offerings (CSOs) for initial participation in our agile delivery pilot. The pilot will rapidly accelerate the secure delivery of innovative features and services to customers by assessing risks against pre-assessed, objective security criteria in automated continuous integration and continuous delivery/deployment (CI/CD) pipelines.
We plan to expand the pilot to include additional CSOs over time. CSOs that did not apply initially but are interested in participating are encouraged to reach out to info@fedramp.gov for more information.
What stakeholder groups need to know
Federal Agencies will preview the benefits of shifting security left, where vulnerabilities are identified and remediated as early in the development process as possible, thus introducing less risk into the authorization boundary. Agencies are empowered to opt in to new services at their discretion; all new services are disabled by default. Changes introduced during the pilot are reviewed by FedRAMP and lead agencies for risk to validate that they do not alter the architecture, modify existing customer configurations, or impact privacy.
Cloud Service Providers (CSPs) will appreciate the alignment with secure iterative change. With modern software development in the cloud based on rapid iteration, mature organizations might test and deploy dozens or even hundreds of changes per day. By reducing manual barriers, feature disparity between commercial and public sector offerings goes from weeks and months apart to days or hours.
Third-Party Assessment Organizations (3PAOs) will feel empowered during assessments with a shift toward objective, data-driven, and evidence-based assessment criteria. FedRAMP expectations will center on assessing automated processes that enforce pre-defined security thresholds to validate secure changes.
For more information on the agile delivery pilot, please visit the updated pilot web page.