ALEXANDRIA, Va.--(BUSINESS WIRE)--MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today published the findings of its latest report, “FedRAMP Fault Lines.” The report reveals four out of five Federal cloud decision makers (79 percent) are frustrated with the Federal Risk and Authorization Management Program (FedRAMP), most commonly calling the process, “a compliance exercise.” And, despite the General Service Administration’s (GSA) push to fix the process, 41 percent are unfamiliar with GSA’s plans to remedy FedRAMP.
The report also found Feds are frustrated with the lack of transparency into the FedRAMP process and unsatisfied with its efforts to increase security. More than half of Feds (55 percent) – and 65 percent of defense agencies – do not believe FedRAMP has increased security.
While some Feds believe FedRAMP has successfully reduced duplicative efforts, many believe the process is still too slow and fail to take advantage of shared Authority to Operate (ATOs):
- Forty-one percent of Feds have not used another agency’s FedRAMP ATO
- Thirty-five percent of those with an ATO have not allowed others to utilize it
- And, 26 percent have been denied another agency’s ATO
With cracks in the FedRAMP foundation, Feds remain uncertain about the process – with some ignoring the program entirely even though it is mandatory for Federal agency cloud deployments and service models at the low and moderate risk impact levels. Nearly one in five Feds surveyed (17 percent) report FedRAMP compliance does not factor into their cloud decisions while 59 percent would consider a non FedRAMP-compliant cloud.
“Despite efforts to improve, FedRAMP remains cracked at the foundation,” said Steve O’Keeffe, founder, MeriTalk. “We need a FedRAMP fix – the PMO must improve guidance, simplify the process, and increase transparency.”
When it comes to improving FedRAMP, 49 percent of Feds propose accelerating the Cloud Service Provider (CSP) certification process so there are more secure cloud options; 47 percent suggest establishing an ATO clearing house where agencies have access to – and are required to accept – all ATOs. Some (27 percent) also recommend changing leadership at the GSA Program Management Office (PMO) – civilian agencies are more likely to suggest this change with 37 percent recommending a change in leadership.
For government to capitalize on the promise of cloud, Feds need to embrace FedRAMP. The report outlines the following recommendations to improve the process:
- Eliminate confusion by improving guidance and expanding training
- Encourage sharing by simplifying the process and eliminating duplicate efforts with an ATO clearing house
- Promote progress by increasing transparency around security improvements, timeline accelerations, and actions taken to restore the program
The “FedRAMP Fault Lines” report is based on an online survey of 150 Federal IT cloud decision makers in April 2016. The report has a margin of error of ±7.97 percent at a 95 percent confidence level. To download the full study please visit: https://www.meritalk.com/study/fedramp-fault-lines/.
The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Focusing on government’s hot-button issues, MeriTalk hosts Big Data Exchange, Cloud Computing Exchange, Cyber Security Exchange, and Data Center Exchange – platforms dedicated to supporting public-private dialogue and collaboration. MeriTalk connects with an audience of 115,000 government community contacts. For more information, visit www.meritalk.com or follow us on Twitter, @meritalk. MeriTalk is a 300Brand organization.