MeriTalk Names GSA Source

Reacting to a battery of recent MeriTalk articles on GSA 18F and FedRAMP, voices inside and outside GSA have called for MeriTalk to name our source.  Well, this time, we’re completely transparent–it’s Matt Goodrich. Just last week, the FedRAMP PMO issued a message to FedRAMP JAB-certified CSPs.  The FedRAMP PMO tells CSPs that have invested millions to attain a JAB certification that they need to demonstrate that they have at least six unique agency customers–or they’ll get kicked out of the JAB certification and need to pursue an agency sponsor.

 

FedRAMP Eats Its Own Children

CSPs are incensed by what they see as the FedRAMP PMO moving the goal posts. And, interestingly, the FedRAMP PMO states that it may change the minimum threshold–so that CSPs may need more than six agency customers to maintain their JAB certification. Peculiar timing for this assertive move from the embattled PMO. GAO just announced that it’s auditing the FedRAMP process–and Congressman Gerry Connolly’s convening government and industry to frame new legislation to corral the wayward “do-once-use-many” cloud cybersecurity certification program. By requiring CSPs to demonstrate their governmentwide installation, the FedRAMP PMO will likely turn its biggest allies into its biggest adversaries. CSPs are incensed by the prospect of their massive investments going up in smoke.

 

What If CSPs Say No?

What if CSPs refuse to provide the PMO with information on where they’re installed? Few have agreed to provide this information to date. It’s widely known that CSPs don’t want to provide their customer lists for fear of tipping their hands to the competitors. It’ll be interesting to see how GSA goes about enforcing the reporting requirement–not to mention the eviction process. Time to lawyer up?

 

Quack, Quack

Congressman Will Hurd triumphed in Texas–that’s a huge win for the tech community. That said, it’s unlikely we’ll see any movement on MGT until the new session–why would Republicans not wait to negotiate with themselves? At the same time, we’ll likely see 18Fers jump ship fearing Trump. That could spell a whole new chapter for FedRAMP, cloud, and government procurement reform. Industry and government got together to provide recommendations to fix the program. GSA refused to acknowledge this effort. Mr. Goodrich’s email to CSPs has surely changed the tone and urgency of the debate.

Steve O'Keeffe