Both vendors and Federal officials said today they want more visibility into the Federal Risk and Authorization Management Program (FedRAMP) process, which certifies the security of cloud technologies for Federal government use and is operated by the General Services Administration (GSA).
During FCW’s FedRAMP Summit today, Lou Giglio, head of Federal government sales at Zoom, explained that from the vendor side, communication with the Federal government in regards to the FedRAMP process can be difficult.
“If the FedRAMP office could provide a primary point of contact to someone who has no more than three to five packages in process at the time, that would sure be helpful,” Giglio recommended. “All the automation in the world is not going to solve for not having that primary POC for that information exchange.”
From the Federal government side, David Catanoso, director of the Enterprise Cloud Solutions Office at the Department of Veterans Affairs (VA) – and who is now responsible for application hosting cloud-native solutions – also agreed more visibility would be beneficial.
“From our side, more visibility into the process in terms of where a particular FedRAMP certification is in the pipeline and how soon we could expect the certification to be in place,” would be helpful, Catanoso said.
“I was talking to a vendor yesterday where we’re trying to use a technology that they’re adding to their product that we already have under contract, but we can’t use these new features until we get the FedRAMP certification,” he explained. “And so we’re trying to plan around that, but it’s kind of an unknown timeline. It’s hard for us to make plans for that. So, that would just be helpful to get more visibility into that.”
Catanoso went on to say that when it comes to the VA’s cloud-related products, one of the criteria the agency uses is whether it is FedRAMP certified or not – which further illustrates the need for visibility into the process.
“If it’s not, it doesn’t mean that we wouldn’t consider a product, but it adds time to the process and we’d have to invest resources either to potentially sponsor a FedRAMP certification or see if another agency is in the process,” he said. “That goes back to my suggestion about getting better visibility to what’s in flight, because that would help us understand where the market’s going to be in six to 12 months from now and help us plan.”
“It’s a complex process, but we try to do our best with market research to kind of be evaluating what’s out there to best serve our veterans,” he added.