The Federal Risk and Authorization Management Program (FedRAMP) needs to adopt a modular approach, according to many of the 41 chief information officers (CIO) and IT officials that responded to the Professional Services Council’s (PSC) 2016 FederalCIOSurvey.
PSC’s survey, which was conducted by PSC member company Grant Thornton, reflects a growing frustration with the Federal Risk and Authorization Management Program (FedRAMP). Some CIOs expressed concern over the government’s broad, standardized method of assessing security and modernizing cloud services. One respondent said that the requirement to adopt solutions that could only accommodate low-risk data was burdensome.
“Although steps are being taken to streamline the FedRAMP process, the lack of reciprocity (requiring agencies to rely on another agency’s ATO or provisional authorization) must be addressed to accelerate the adoption of commercial cloud solutions,” the survey said.
While CIO respondents called on the Federal government to streamline FedRAMP, many of them are working within their own agencies to expedite agile delivery methods. All 41 interviewees reported that they used agile delivery in some way. Agile contract delivery is a vehicle through which Federal agencies can do business with acquisition counterparts. According to the survey, some agencies are restricted from using contracting vehicles presented by outside companies; this restriction leads to delays in innovation. The 41 survey respondents, who represent 23 agencies, indicate that agile methods have increased, but are still not overly prevalent in Federal spaces.
While all respondents said they used some form of agile delivery, the number of people using agile as the default vehicle has decreased from 33 percent to 26 percent. Forty-two percent said they are in the early stages of agile adoption, and 32 percent report they are comfortable with agile.
Interviewed CIOs stated that they need to do a better job of training contracting officers on how to handle agile contracts. As Federal officers begin to grasp agile deliveries, some CIOs stated that one solution in project management would be if the Federal government moved away from massive IT programs and funded projects on a case-by-case level instead. The government can best address IT issues on an individual level, rather than through sweeping pieces of legislation, respondents said.
“There is a history of having large Federal IT programs, where $100M would not be considered big, and that mind-set needs to go away,” stated one CIO respondent.