February 20, 2018
At a moment when public sector agencies are scrambling to meet public and stakeholder expectations on severely limited budgets, there’s good news coming from Washington, DC: Six years after it was first introduced, the Federal Risk and Authorization Management Program (FedRAMP) is delivering massive time and cost savings for participating agencies.
Infor is pleased to report that it has reached “FedRAMP Prioritized” status by the Federal Risk and Authorization Management Program (FedRAMP) to work with the Joint Authorization Board (JAB) and has formally begun the process for achieving a Provisional Authorization to Proceed (P-ATO).
A Three-Week Task in Three Hours
Early adopters within the U.S. federal government are reaping the rewards of their commitment to FedRAMP, according to an issue brief co-authored by the Government Business Council and Infor. Their experience shows “how cloud-enabled data analytics, digital tools, and agile development can improve agency productivity and better equip government employees to deliver services to the public,” the paper states.
The Department of the Army cut the time span for some work tasks from three weeks to three hours by moving its Total Ammunition Management Information System to the cloud. The result: Employees were available to spend their time on other mission objectives.
The Department of Transportation used cloud computing to introduce an enterprise-wide approach to IT, bringing together applications and data environments that had previously run on separate platforms.
Across the federal public service, cloud-based systems are beginning to turn the tide against incoming cybersecurity threats. “In May 2017,” the paper notes, “President Trump signed an Executive Order effectively establishing a single cloud-based structure to unify cybersecurity postures across agencies.”
Only the Beginning
Fundamentally important as these improvements are—to individual agencies, the government as a whole, and to the public those agencies serve—it’s still early days for FedRAMP. By requiring potential cloud vendors to meet a rigorous set of requirements laid down by the National Institute of Standards and Technology (NIST), the system sets security and operational efficiency rules in four key areas:
- Governance, including audit and accountability, contingency planning, program management, risk assessment, and security assessment and authorization
- Information, including access control, identification, and authentication, media protection, configuration management, system and communications protection, and system and information integrity
- People, including awareness, training, and personal security
- External factors, including incident response, physical and environmental protection, and system and service acquisition.
FedRAMP is also a great example of the operational efficiency that is rapidly becoming a hallmark of the transition to cloud computing.
“By merging audits previously conducted by individual agencies, FedRAMP has helped to reduce duplicative security review costs,” the GBC-Infor paper states. “FedRAMP certification is called ‘authority to operate’ (ATO) because it grants vendors permission to provide services government-wide,” while still allowing for additional security requirements in some agencies.
Read press release: Infor Continues Trajectory Toward FedRAMP Compliance
Download a copy of the Government Business Council-Infor issue brief on FedRAMP’s way forward in the cloud.
Joe Arthur, Strategy and Innovation Executive, Infor Public Sector