Federal Chief Information Officer (CIO) Greg Barbaccia said on Wednesday afternoon that the White House Office of Management and Budget (OMB) is “fully committed” to the General Services Administration’s (GSA) FedRAMP 20x revamp.
GSA launched FedRAMP 20x in March, a revamp effort focused on automation to accelerate the approval of secure cloud services. FedRAMP officially unveiled its Phase Two pilot on Wednesday, following the successful completion of Phase One last month.
At a Wednesday event held by the Alliance for Digital Innovation, Barbaccia laid out OMB’s priorities in backing the effort.
“I have done FedRAMP in my past life, and what a pain in the butt,” Barbaccia said. “We’re working to fix it. We know that if we want the government to accept and adopt incredible technology, we’ve got to meet you halfway – ideally more.”
The federal CIO said that the FedRAMP Board and Program Management Office (PMO) “are acting as a catalyst for our strategic goals,” adding, “Our job is to simplify the process.”
Barbaccia said they are focused on a few key areas that will make it easier for cloud service providers to work with federal agencies. The first, he said, is “less documentation, more automation.”
When this approach is applied to the “even larger” scale of federal IT, Barbaccia said it becomes much more efficient. The key advantage is avoiding the need for humans to sift through “unstructured” information, he explained.
“So, we’re fully committed to the GSA 20x initiative. It’s about moving from these paper-based compliance processes to automated ones. We want to accept existing commercial frameworks and documentation, saving you time, saving you money,” Barbaccia said. “And we’re building this for automation so you could do it once [and] deploy it many, many different times across different agencies.”
The second priority, he said, is “clear demand signals from us.” To achieve this, Barbaccia said that the CIO Council – which he chairs – is working to develop a “top-tier list of services” that agencies need and want the most, including conversational AI engines.
“If your product is in high demand and meets our criteria, we will make sure it gets the attention it deserves. This is our way of telling you exactly what the government wants,” he said.
Finally, Barbaccia said his team is also working to create a “presumption of adequacy” for federal agencies, making it easier for agencies to choose an authorized product.
“When you get a FedRAMP authorization, we’re not just giving you a security badge. We’re creating this presumption of adequacy for agencies to rely on,” Barbaccia explained. “This means agencies will accept the work you’ve already done to secure your product and will have a clearer, faster path to reuse and scale across the government once it’s on the marketplace.”
Notably, FedRAMP Director Pete Waterman said on Wednesday that his team is working with the FedRAMP Board and OMB to ensure that all of the 24 CFO Act agencies “will have completed an initial 20x reuse, hopefully by the end of this quarter.”
Waterman acknowledged that it’s a lofty goal, adding, “We’ll see if we deliver that or not.”
Nevertheless, Barbaccia said “there are a lot of cultural things we need to do in the government to try to make” FedRAMP easier for cloud service providers.
“I promise you, I’m working very hard to get these cultural changes in place so we could put these procedural changes in place for reuse,” the federal CIO said, adding, “We are completely moving mountains to make this process much, much better. It’s one of the things coming into this role I was super excited about.”