FedRAMP 20x Keeps Government Cloud Use Moving

Earlier this year, the General Services Administration (GSA) announced a significant update to the Federal Risk and Authorization Management Program (FedRAMP). Named FedRAMP 20x, the focus of this initiative is on introducing automation to increase the pace of authorizations.

The Phase One pilot of this effort trialed a new approach to FedRAMP Low authorization. This automated process focused on Key Security Indicators (KSIs) rather than the traditional NIST SP 800-53 narrative control set. Vendors meeting the KSIs were granted a 12-month FedRAMP Low authorization. Using this process, the first FedRAMP authorizations were issued in just four months.

The GSA is now kicking off Phase Two, which will look at granting FedRAMP Moderate authorizations. Participation in this pilot is by invitation only, in order to ensure the small FedRAMP staff concentrates efforts on participants that are well-positioned to achieve Moderate authorization. The focus of this phase, "quality, not quantity," is aimed at fine-tuning automated processes, with a target of 10 approved solutions.

How to Win at AI

The Administration's overarching AI guidance, Winning the Race: America's AI Action Plan, was developed to ensure the United States maintains a competitive edge in AI technology development and deployment. The plan and accompanying Executive Orders (EO) focus on three core priorities:

  • Building AI-ready infrastructure
  • Establishing and promoting a U.S.-technology export regime
  • Defining "bias" in models to ensure use of unbiased large language models in government

This plan follows a January executive order that pledged delivery of an AI Action Plan within six months.

FITARA Report Looks to Future Evolution

The 15th Federal Information Technology Acquisition Reform Act (FITARA) scorecard was issued in December 2022 to provide a look at how agencies are meeting modernization goals. Much like the 14th report, all measured agencies improved their scores or stayed the same, indicating that changes are needed to ensure the report fully reflects today's modernization goals, which have shifted from data center consolidation to cloud usage, and onward to Zero Trust cybersecurity strategies. The committee overseeing the scorecard, as well as industry groups, are looking at ways to better align modernization activities with the report.

FITARA 15 Findings

Currently, the seven active grading categories on the scorecard are: 1) progress in transitioning to EIS contracts; 2) CIO authority enhancements; 3) transparency and risk management; 4) portfolio review; 5) data center consolidation; 6) Modernizing Government Technology (MGT) Act; and 7) cybersecurity/FISMA.

Facing the Future of Biometrics

With many of us using our faces to "open" our phones, biometric technology has become an everyday consumer technology. Capitalizing on the comfort and ease of use of facial recognition, government agencies are looking to incorporate it (and other biometric methods) into their modern cybersecurity plans and approaches, but are realizing that implementation in a government setting raises a host of complications.

Interest in facial recognition is strong

The U.S. Government Accountability Office (GAO) released a report in August of 2021 that detailed current and planned use of facial recognition technology by federal agencies. In a survey of 24 departments and agencies it found that 18 reported using the technology and 10 reported plans to expand their use of it.

Cloud Is No Longer the Exception, but the Rule

Remote work, necessitated by the pandemic, accelerated many agencies' move to cloud computing. With remote and dispersed teams here to stay, cloud is a critical, if not primary, infrastructure for a number of organizations. With this wide reliance on cloud, the Cybersecurity and Infrastructure Security Agency (CISA) has been releasing Trusted Internet Connections 3.0 Use Cases, which give federal agencies guidance on applying network and multi-boundary security for remote users.

Similarly, the Defense Information Systems Agency (DISA) recently combined its Cloud Computing Program Office (CCPO) with its services directorate and ecosystem. This move, creating the Hosting and Compute Center (HaCC), recognizes the long-term reality of cloud and the role it plays in delivering services and powering everyday work for the agency. The HaCC will be "responsible for providing the warfighter with critical hosting and compute functions using modern data center and cloud capabilities." This functionality supports a number of Defense Department initiatives including Joint All Domain Command and Control.