FedRAMP Roadmap 2024-25: Modernization Strategy and its Impact on the Program

Carahsoft represents a wide range of FedRAMP offerings and supports many emerging SaaS ISVs as they create Government mission focused solutions. Our Government customers have leveraged thousands of reuse authorizations across the hundreds of FedRAMP authorized cloud services that Carahsoft sells and supports. With such a substantial record of reuses, FedRAMP could be considered the most cost-effective, time-efficient, and security enhancing program in the history of Government IT.


We are excited by the new FedRAMP roadmap, released by GSA on March 28, 2024. This roadmap introduces strategic initiatives designed to modernize the program. FedRAMP allows agencies to leverage previously completed work and reuse cloud authorizations, offering significant time and cost savings for government and industry alike.

Building on the OMB FedRAMP Draft memo released in October 2023, the FedRAMP Roadmap underscores GSA’s commitment to make the program faster and less expensive for Federal Agencies and Cloud Service Providers (CSPs). This blog post aims to analyze the roadmap’s key initiatives and outline its primary objectives. FedRAMP lays out four clear goals to drive the program forward:

  1. Orienting around the customer experience
  2. Cybersecurity leadership
  3. Scaling a trusted marketplace
  4. Smarter, technology-forward operations

Accelerating FedRAMP Authorization and Deployment

Several initiatives introduced by the PMO are designed to significantly speed up the authorization process for CSPs and enable agencies to deploy advanced technology more rapidly:

  1. Reciprocity with External Frameworks: Starting with Low-impact SaaS, the roadmap outlines a plan to enhance interoperability across different frameworks. This allows CSPs to reuse previously completed work, reducing the time to achieve FedRAMP authorization.
  2. Low-review Authorization Model: In partnership with DISA, the roadmap pilots a model where trusted agencies undergo a less extensive review process. This approach aims to make the authorization process faster and more efficient for agencies with mature review processes.
  3. Joint Authorization Groups: The FedRAMP PMO, OMB, and the FedRAMP Board are establishing joint authorization groups to promote a unified approach to risk management. This collaboration is expected to reduce the overall risk profile and workload, thereby increasing the chances for a CSP to secure agency sponsorship.
  4. Digital Authorization Packages: The PMO plans to pilot machine-readable packages using OSCAL. These digital packages are designed to speed up the review process by eliminating many of the manual tasks currently required of PMO staff.

These steps are part of a broader effort to make FedRAMP more agile and responsive to the needs of both CSPs and government agencies, ensuring quicker access to secure and industry-leading cloud solutions.

Maintaining a Cutting-Edge Program

Other initiatives laid out in FedRAMP’s 2024-25 roadmap address an effort to continuously update and enhance the program:

  1. SCR Overhaul: Replacing the extensive Significant Change Request (SCR) process with a more agile change management system. This adjustment allows for quicker delivery of security updates, better aligning FedRAMP with the rapid iteration cycles typical of commercial tech products. By allowing CSPs to implement iterative product updates, FedRAMP is not only improving its own operational efficiency but also enhancing the security posture of cloud services used throughout the federal government.
  2. Updated Guidance: Refreshing guidelines in critical security areas, including FIPS 140, DNSSEC, and external service integrations. These updates ensure that the program keeps pace with the latest developments in cybersecurity.
  3. New Metrics: To better meet the evolving needs of agencies and CSPs, FedRAMP is introducing new, customer-oriented key performance metrics.

Through these initiatives, FedRAMP is not just maintaining its standards but also enhancing its adaptability, ensuring it continues to set the standard in government cloud security.  

Looking Forward

The roadmap marks a clear commitment to modernization. The PMO is confident that this strategic overhaul will alleviate the current review backlog, streamline processes, and optimize service delivery. As we look towards a transformative period for FedRAMP, Carahsoft remains committed to supporting our partners through these changes. Together, we anticipate a future where Government cloud technology is not only secure and compliant but also at the cutting edge of innovation.

To learn more about Carahsoft’s partner marketplace for FedRAMP certified cloud solutions visit our FedRAMP portfolio and speak to a member of our team today.  

Join us for GovForward’s 6th Annual ATO and Cloud Security Summit on Thursday, July 11, 2024 from 8:00 am-4:45 pm in Waldorf Astoria, Washington D.C. Learn more about the event here.

Improving Government CX Services to Build Trust Amongst Customers

In the Private Sector, customer experience (CX) is characterized by applications that serve as a single-stop service for customers. These expectations have trickled from the commercial digital world into the Public Sector, with the exception that co-designing services that keep up with the public’s needs and priorities is non-negotiable to rebuilding trust. High Impact Service Providers (HISPs), Federal agencies that the Government has deemed as having critical value due to their public-facing services, aim to mimic the single-stop layout by creating an all-encompassing CX in the Public Sector. This way, the public sees the Government as seamless and unified, and different Government agencies as parallel to each other.

Customer Experience Built on Trust

Unifying services can reduce challenges the public faces when accessing them. Time is lost due to slow modernization that would otherwise improve interactions with customers. In the past, to access services, individuals may have needed to take time off work, which may have cost them income. They may have needed to travel to a distant location, may have forgotten vital documents at home or may have had to account for child care. These considerations, which come at the expense of the public, can be attributed to a “time tax” that burdens Government customers. However, with the shift to online services, customers can update their information quickly and easily on their own time. It is important to note that HISPs are moving to a digital-first, but not digital-only, strategy. This means that although all services will be provided online, there will still be in-person options for those who do not have access to a dependable connection or for services that can require in-person help. By providing a variety of reliable, time- and cost-effective services, Government agencies can ease usability and build trust with customers.


Agencies with new, modernized websites can build trust in the Government. Conversely, a rushed website with too much downtime can lead to a user’s inability to access essential capabilities. Not every agency has a Customer Experience Officer to help roll out improved CX strategies. Various agencies may be set up differently regarding reporting structure, which complicates counsel. A driver of HISP and other government-wide CX initiatives, the Office of Management and Budget (OMB), has released digital experience guidance related to Memorandum M-23-22. With this initiative, the OMB will help agencies choose which public-facing items to invest in and which digital services to optimize for prime CX.

A fundamental part of CX is the people who provide services. To truly improve customer service, agencies must first improve their employee experience. This means providing secure access to a variety of work models: virtual or in-person, temporary, seasonal or full-time, contractor or agency related. Once agencies understand how to provide a uniform experience across a diverse portfolio of workforces, agencies can train employees to provide uniform CX across a diverse array of customers. 

Technology also plays a key role in the Government’s hope of a trust-filled relationship with those they serve. Consistent branding is one powerful way to unite HISPs across the Government. This can look like each agency placing its logo in the same area of its website. Another way is one authentication mechanism for members of the public to access both their Government account and servicer website. 

A Unified Login

A cornerstone of the Federal Government’s idea around modernizing CX is that there is a simple way for people to access Government services across multiple devices. Login.gov is putting that idea into practice. To shift online, the Government must provide a secure access method for every customer, with the goal of moving past the need for passwords. The modern generation of customers expects technological services to be available on multiple devices. They also prefer the ability to take a break and pick up where they left off, which requires behavioral analytics to protect users. Each agency will also be required to offer phishing-resistant multi-factor authentication (MFA) as an option for public users. With proper Identity and Access Management (IAM), whether in the form of single sign-on (SSO) or biometric methods to log in, an app can verify that the user accessing sensitive information is the desired recipient. This way, users can gain easy, secure access to their services and information and agencies gain relevant context at the application level that follows Zero Trust principles.

Empowering CX with IAM

Okta, the leading independent Identity partner, understands that IAM is an integral part of ensuring services are simple, seamless and secure. Furthermore, IAM services can still center CX. Okta has created human-centered design challenge cards to help agencies redesign experiences based on user needs and CX metrics. By synthesizing CX, secure and proper IAM and modern capabilities, the Federal Government can help build trust with the new era of customers. 

To learn more about how Okta’s IAM capabilities aid CX in the Federal Government, watch my interview with Federal News Network to gain insight on building trust with customers. To learn more about how Government agencies can build trust with their customers and improve customer services, view content from Carahsoft’s Government Customer Experience & Engagement Summit.