FedRAMP Agency Liaisons
FedRAMP’s Agency Liaisons are federal cloud security subject matter experts who serve as a crucial connection between the Program Management Office (PMO) and federal agencies that partner with Cloud Service Providers (CSPs) seeking FedRAMP Authorization.
History and Growth
The FedRAMP Agency Liaison Program began in May of 2020 based on recurring feedback collected during the FedRAMP Ideation Challenge that agencies needed more support to understand and implement FedRAMP’s policies, procedures, and processes. Thus, the Liaison Program was designed to create a government-wide community to maintain a consistent understanding of FedRAMP’s processes and requirements.
In the first two years, the Liaison program already exceeded anticipated growth. The initial focus was identifying and enrolling Liaisons from the 24 CFO (Chief Financial Act) Act agencies. By the end of Fiscal Year (FY) 2021, the program enrolled all 24 CFO Act agencies, as well as 36 additional agencies and bureaus. As of September 2022, the Agency Liaison program has grown to include 155 liaisons from 82 departments, agencies, and offices from across the federal government - and counting!
FedRAMP’s ultimate goal is to have at least one representative from each federal agency tied to the security authorization process who can communicate to key stakeholders about their agency’s internal processes, as well as FedRAMP’s processes and requirements.
Agency Liaison Requirements and Responsibilities
It is important the person or team that serves as their agency’s FedRAMP Liaison(s) is able to:
- Articulate their agency’s internal authorization process
- Be involved in/speak to their agency’s FedRAMP Authorization efforts
- Serve as a FedRAMP resource at their respective agency
- Interface with cybersecurity, business, and other government personnel at their agency about the FedRAMP Authorization process on the PMO’s behalf
Liaisons enjoy exclusive access to special training sessions, working groups, and other FedRAMP initiatives in order to maintain and expand their existing knowledge of FedRAMP policy. Topics of recent quarterly training sessions include:
- Managing Multi-Agency Collaborative ConMon (March 2022)
- Establishing Partnership for Initial Agency Authorization (December 2021)
- Overview of FedRAMP Automation and OSCAL Initiatives (September 2021)
Liaisons are added to the FedRAMP Agency Liaison Listserv to communicate with other Liaisons and granted access to the FedRAMP Agency Liaison page on OMB Max. This page features the historical repository of resources and training materials prepared for Liaisons (including session recordings), as well as agency-specific folders with FedRAMP Authorization data updated quarterly.
Since its inception in 2020, the continued growth of the Agency Liaison program has been a top priority for FedRAMP. Throughout the remainder of FY22 and beyond, the PMO’s focus will remain on increasing enrollment and agency representation in the program, providing opportunities for learning and engagement, and actively involving Agency Liaisons in the authorization process - all efforts that benefit FedRAMP’s wider community of public and private cloud security stakeholders.
Find out if your agency is currently involved in the Agency Liaison Program! If you are interested in learning more about the FedRAMP Agency Liaison Program, how your agency can get involved, or joining on behalf of your agency, please reach out to email@example.com for more information.