In a recent address, Pete Waterman, director of the Federal Risk Authorization Management Program (FedRAMP) at the General Services Administration (GSA), emphasized the importance of industry involvement in transforming the cloud security program. During an event sponsored by the Alliance for Digital Innovation, Waterman stated, “We’re going to transform FedRAMP: Instead of the government deciding what is best, we’ll collaborate with industry to drive the solution.”
The initiative, referred to as FedRAMP 2025, marks a significant shift from the traditional management of the program over the past 12 years. Waterman explained that due to a leaner program management office with fewer resources, the GSA aims to establish policies and standards rather than act as a centralized authority.
To facilitate this collaboration, four community working groups will be established, focusing on various aspects of cloud security. Waterman clarified that these groups will not serve as advisory boards but rather as platforms for open discussion and collaboration among stakeholders.
Waterman expressed optimism about automating validation processes to streamline security assessments. He highlighted the importance of modernizing FedRAMP to meet the needs of evolving technologies, stating, “It’s that simple and that complex, but this should be our goal.”
The PMO plans to leverage platforms like GitHub to keep the community informed and engaged as they work together towards establishing more effective standards in cloud security.