FedRAMP Deadline Arrives Today
Today’s the big day. Maybe.
Two years after Feds launched FedRAMP, cloud service providers must finish jumping over all the hurdles if they want to have a part in this program with the funny name. Or not.
June 5 looks like a faux deadline.
And the rules appear subject to change.
OMB, which will act as the enforcer, told us “agencies have to be FedRAMP compliant, not CSPs.”
That’s different than what we heard earlier this year: “Cloud services in use at federal agencies must meet FedRAMP security requirements by June 5.”
Our buddy Dave McClure, who stepped down from his post at GSA last week, said the burden does rest with agencies.
“Our biggest challenge is on the agency side where they may have existing contracts with existing providers, and they have not certified them against the FedRAMP baseline. That’s their job; it’s not a GSA job to do that, necessarily,” he said in an interview.
OMB has indicated that enforcement is not the primary goal here, so a huge question mark looms over agencies and cloud service providers as FedRAMP lunges forward and the calendar flips to June 5.
There are hard deadlines like April 15, and there are not-so-hard-deadlines like when your electric bill comes due. The power doesn’t shut off the next day if the electric company hasn’t received payment. And FedRAMP won’t come to a screeching halt either. Most likely, nothing will happen today.
That won’t sit well with everyone. Many cloud service providers have invested significant resources to meet compliance. If other CSPs can waltz in and offer services following the deadline, OMB may have some fences to mend with those who rushed to meet the deadline.
Will CSPs currently in the pipeline earn the right to offer services once Feds complete the interminable review process and approve their solution? Probably.
As we wonder about all these details and minutia, it’s worth remembering the recent comments of former-Navy Department CIO and current Defense Department CIO Terry Halvorsen, who wondered out loud what comes after FedRAMP. Is FedRAMP the long-term solution for the Federal government?
Don’t think so, Halvorsen said. It’s a good start, he said, but we need to think about what’s next.
As you think about what’s next, consider joining us at MeriTalk’s third annual Cloud Computing Brainstorm on Wednesday, September 10, 2014 at the Newseum in Washington, D.C. That’s a real deadline, and you can register here.
The Cloud Computing Caucus Advisory Group also is an important new resource for what’s happening on the Hill.
And the FedRAMP OnRAMP can help you keep track of who’s in and who’s not.
Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.
Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.