FedRAMP Turns 10!
Congratulations to the FedRAMP Community on our 10th year anniversary as a program! What a journey it has been and we are honored that so many of you have partnered with us along the way to make FedRAMP the program it is today.
In 2011, the US Government recognized the need for a standard for securing cloud computing solutions. On December 8, 2011, the Office of Management and Budget (OMB) signed a memo establishing FedRAMP to provide a cost-effective, risk-based approach for the adoption and use of cloud services.
Over the past 10 years the program FedRAMP focused on continued evolution — from redesigning processes to increasing transparency, or re-focusing on security while streamlining documentation — all our progress is first and foremost driven by feedback from you, our community. As current Acting Director, Brian Conrad, mentioned while posting the FY21 look back, “[Behind our evolution], there is a dedicated team of professionals who are passionate about making FedRAMP the best it can be and who are collaborating with the valued industry and agency partners to protect federal information in the cloud.”
Over 10 years we have achieved many milestones working alongside our partners by:
- Authorizing the first cloud providers for government-wide use
- Partnering with the American Association for Laboratory Accreditation (A2LA) to launch the 3PAO accreditation program
- Launching the FedRAMP Marketplace as a vibrant, interactive dashboard tool to engage agencies and vendors
- Evolving baselines to provide more efficiency and flexibility while maintaining security rigor including High Baseline and FedRAMP Tailored
- Partnering with NIST to develop machine readable language called the Open Security Controls Assessment Language (OSCAL) and a set of validation rules to automatically review OSCAL packages
- Launching the Agency Liaison Program enhance collaboration and knowledge sharing across the government and communications with the PMO, with more than 60 agencies participating in the program
Today, our collective community includes over 180+ participating agencies, 280+ cloud service providers, and 40 recognized 3PAOs. Through this community, we’ve authorized 240 cloud service offerings and those products have been reused over 3,000 times across the federal government. Together, we’re bridging government agencies to the private sector to take advantage of modern and innovative cloud technologies.
As we move forward, we’ll continue to focus on our evolution and growth.
Thank you for all you do and we look forward to the transformation of this program over the next 10 years.