M-24-15 Section VIII. Industry Engagement¶

FedRAMP is a bridge between the Federal community and the commercial cloud marketplace. The FedRAMP program enables agencies to obtain what they need from the commercial ecosystem and accelerate mission operations. At the same time, FedRAMP helps commercial providers satisfy similar needs across the Federal Government in a consistent and streamlined way.

To further the program's goals, GSA and the FedRAMP Board should engage with industry, through the FSCAC and other mechanisms as appropriate, to maintain a current understanding of industry technologies and practices, to understand where the FedRAMP program could improve its policies or operations, and to otherwise build a strong working relationship between the commercial cloud sector and the Federal community.

FedRAMP should continue to seek feedback from industry on how to increase agency reuse of FedRAMP authorizations, drive more authorizations of small or disadvantaged businesses, and reduce the burden and cost of the FedRAMP authorization process for both CSPs and Federal agencies.

Additionally, the FedRAMP PMO and Board should proactively work to convene industry to convey the emerging cybersecurity priorities and needs of the Federal Government as an enterprise, and discuss potential solutions.

Central Point of Contact¶

It is inefficient for CSPs to report the same information repeatedly to each Federal agency customer they serve. The FedRAMP PMO is positioned to act as a central point of contact when the Federal Government needs to gather information about cloud computing products and services used by agencies. Such needs may flow from OMB policies, CISA BODs, or other Government-wide directives or initiatives that require the collection of cloud security information.