Public comment period
Office of Management and Budget to Accept FedRAMP Feedback Until December
Drew Myklegard, deputy federal chief information officer, said the Office of Management and Budget will extend the public comment period for draft guidance on the Federal Risk and Authorization Management Program from Nov. 27 to Dec. 22.
Speaking at the recent CyberTalks event, he explained that the agency needs more time to grapple with challenging feedback, CyberScoop reported Friday.
OMB released draft guidance for public comment in late October aimed at scaling FedRAMP-approved products and boosting automation throughout the government. According to the office, the guidance’s objectives include defining what cloud offerings FedRAMP covers, fostering a transparent authorization process and setting requirements for agencies to use authorized services.
Myklegard said commenters have focused on areas such as reciprocity between FedRAMP and other cloud security authorization programs and the presumption of adequacy for vendors across federal agencies. Companies want to know if their FedRAMP authorization is valid at other government organizations, he added.
According to Myklegard, commenters also advised OMB to reconsider aspects such as red teaming, which could vary in meaning depending on the company.
He went on to say that the finalized FedRAMP guidance could arrive sometime in early 2024.
Category: Digital Modernization
Tags: digital modernization Drew Myklegard Federal Risk and Authorization Management Program FedRAMP FedScoop Office of Management and Budget