“It could be a breakthrough year for the Federal Risk and Authorization Management Program (FedRAMP). The SolarWinds attack of late 2020 brought a nearly overnight shift in the nation’s attention to securing its data networks and IT supply chain. In fiscal 2021, agencies reused more FedRAMP-authorized cloud security packages than ever before – a 45 percent increase from the prior year. The White House’s 2021 Executive Order on Improving the Nation’s Cybersecurity has brought more focus to FedRAMP solutions, calling for increased documentation and reporting, expedited adoption of Zero-Trust architecture, improved incident response, and further modernization of the program. This spotlight on FedRAMP means that agencies, legislators, and private contractors are making moves to further refine what it means to be FedRAMP authorized.
Since the SolarWinds attack, officials are seeking ways to tighten FedRAMP requirements and closely monitor overseas vendors in the IT supply chain. Legislators have expressed concerns over the dangers of federal cloud systems that are reliant on software code originally engineered overseas, particularly code engineered by geopolitical rivals. The Federal Secure Cloud Improvement and Jobs Act, introduced in Congress in late 2021, would codify the FedRAMP program into law, as well as require further assessment and possible restriction of software code with overseas origins that is used by authorized cloud products…”
“The White House’s EO has demonstrated a shift in how the federal government approaches cybersecurity. It provides clearer objectives, which not only demonstrates urgency but prepares agencies to set priorities and meet deadlines. Furthermore, the increased focus on strengthening the FedRAMP program has generated momentum among both agencies and private contractors, which will help the federal government execute its cybersecurity initiatives much faster and more deliberately…” Read the full article here.
Source: In 2022, Agencies Will Return Their Focus to FedRAMP Solutions – By Jenna Sindle, January 11, 2022.