Program Shrinking to Core Feds, Monitoring Meetings Canceled
The General Services Administration’s (GSA) FedRAMP program that evaluates the security of cloud computing services used by Federal agencies is shrinking dramatically in size but remains operating at reduced size as part of GSA’s stable of technology-driven programs.
The changes in FedRAMP (Federal Risk and Authorization Management Program) staffing come as GSA is also acting to cut by about half the size of its Technology Transformation Services (TTS) organization.
FedRAMP has thus far authorized 374 cloud service offerings, which are listed on the FedRAMP marketplace.
Multiple sources told MeriTalk that the biggest changes to the FedRAMP effort are coming through reducing overall staffing for the program – not among the Federal employee ranks, but dramatically so on the contractor side of the equation.
Those sources said that the FedRAMP program office at GSA still employs approximately 18 full-time people – up from the single digits as recently as last year.
Where the bigger reductions in manpower are coming from is among private sector contractors, which sources said numbered about 80 people as of late last year.
That number of contractors is now sharply reduced and will soon go to zero, due largely in part to their contracts with the program expiring since January of this year, the sources said.
The sharp reduction among the FedRAMP program ranks has had at least one tangible outcome for cloud product and service providers that have already had their offerings approved by the program. FedRAMP last month began canceling regular monthly meetings with those firms to go over continuous monitoring requirements, one source with knowledge of the situation said.
Thomas Shedd, who heads the TTS organization at GSA, touched on the future of the FedRAMP program – reduced in size but still operational – during a presentation to employees on March 7, according to news first reported by FedScoop.
According to that report, Shedd said that TTS will cease non-critical work – and work not required by congressional statute – as part of an effort to reduce the size of TTS by half.
Specific to FedRAMP, the report sources Shedd as saying that the remaining TTS programs will include FedRAMP, Login.gov, Cloud.gov, U.S. Digital Corps, and centers of excellence, among others.
The report says that TTS will look to adjust FedRAMP to “unlock more throughput,” and that going forward the government needs to be able to put more software to use.
“We want to have economies of scale with our purchasing power and our infrastructure engineering investment across the federal government,” FedScoop reported Shedd as saying. “Cloud is the way to do that. Specific to infrastructure services, GSA leadership is thinking through what GSA’s government-wide role in cloud technology will look like, and Cloud.gov will be a part of that.”
A GSA spokesperson confirmed to MeriTalk the accuracy of Shedd’s comments, and said that despite the sharp reduction in program-directed personnel, “FedRAMP is a priority for TTS and GSA.”
“FedRAMP is steadfast, operational, and continues to deliver value to the American taxpayer,” the spokesperson said. “GSA is currently working on a proposal to revamp FedRAMP to unlock more throughput. Increasing government adoption of modern technology in the form of cloud services is critical, and FedRAMP is essential to ensuring that happens.”
More broadly, the spokesperson said that “GSA is recommitting itself to its founding purpose: ensuring government-wide efficiency and maximizing value for the American taxpayer. With this in mind, GSA is executing changes organization-wide in response to the Executive Orders of this Administration; thus, leading to a more effective and efficient government overall.”
Critical to FedRAMP’s staying power at GSA is that the program was codified into Federal law in 2022 after a multi-year legislative campaign by Rep. Gerry Connolly, D-Va., who is now ranking member of the House Oversight and Reform Committee.
Since then, the program has taken numerous steps dictated by that legislation including appointing a new board structure and taking other actions to speed FedRAMP evaluation and approval processes.
Rep. Connolly told MeriTalk in a statement today that “attacks on critical technology programs, particularly those that are mandated by statute, are antithetical to Elon Musk’s purported goal of making government more efficient.”
“Our constituents expect and deserve to interact with a modern, accessible, and secure government that responds to their needs, protects their personal data, and delivers results,” the congressman said. “Mindless cuts to successful programs make that job harder, and it’s the American people who will pay the price.”
“Democrats on the Oversight Committee have demanded information on the damage Elon Musk is doing to the people’s government, and we will not rest until we get the answers our constituents deserve,” Rep. Connolly pledged.
One source suggested to MeriTalk today that it’s a positive sign for FedRAMP that the program has up to now retained 18 full-time Federal staffers.
In the current government job-cutting environment, the source said, probationary employees – or those with less than two years in their current positions – are often the first to be let go. Several of the current FedRAMP staff have less than two years with the program, the source pointed out.
