FedRAMP Policy to Receive Updates Reflecting Software-as-a-Service Trends

Drew Myklegard, the deputy federal chief information officer, said new Federal Risk and Authorization Management Program compliance governance is coming as software and platform-as-a-service offerings grow more prevalent in the cloud industry.

Speaking at a FedScoop event on Thursday, Myklegard explained that the upcoming policy update will address a lag in the secure adoption of SaaS and PaaS products compared to a rapid increase in providers.

He said his team at the Office of Management and Budget has obtained feedback on FedRAMP from roughly 30 agencies that will inform the coming governance.

Myklegard added that OMB will post the updated FedRAMP policy to obtain public input. He did not give a deadline for when it will be ready, FedScoop reported Friday.

According to Myklegard, the passage of legislation codifying FedRAMP has strengthened it by expanding the Joint Authorization Board and establishing a Federal Secure Cloud Advisory Committee, a public-private group tasked with advising the General Services Administration head and other officials on secure cloud adoption.

In February, the Alliance for Digital Innovation trade group wrote a letter to GSA and OMB recommending the establishment of such a committee and other changes as the two agencies update FedRAMP policy.