GSA begins FedRAMP pilot to change request process
A new FedRAMP pilot will utilize a non-blocking process for reviewing significant changes to the governmentwide compliance program for cloud services, the General Services Administration announced Wednesday.
GSA said it is inviting cloud service providers to apply to participate in the Agile Delivery pilot, part of an agency effort to replace the “significant change request” process with an approach that removes the requirement of advance approval for each change. The pilot is set to focus on the addition of new features for existing cloud service offerings, the GSA said.
Eric Mill, executive director for cloud strategy at GSA’s Technology and Transformation Services, teased the release of the Agile Delivery pilot in an interview with FedScoop last month, calling the significant change process a big “pain point” in the FedRAMP program.
“What we want to do is try to enable cloud providers to keep moving through this process, but to move some of the information and review parts of that process, more left on the timeline,” Mill said. “We want to know that the information that would be coming into this process is coming to us in an ongoing way so that we can have sufficient confidence to remove the blocking approval step on a per-change basis.”
The GSA warned agencies in the press release that they may see “significant delays” before being able to access features that could help security and delivery on their missions. Additionally, the release said that cloud service providers “may create government-specific offerings that lag behind their commercial offerings” or choose not to enter the FedRAMP marketplace “so as not to delay development and improvement of their core product.”
The GSA is accepting applications from cloud service providers until July 26, and anticipates working with providers and agencies to make selections by Aug. 16. Cloud providers planning to release a new feature before the end of the year are encouraged to apply, per the GSA.
“The data gathered from this pilot will help inform program-wide changes to streamline the current processes for change management,” the release states. “Our long-term goal is to shift the FedRAMP process to one that is based on continuous assessment rather than assessing point-in-time snapshots.”
The Agile Delivery pilot is part of the overarching FedRAMP roadmap release, the GSA said.
“We want to be able to have the same amount of confidence in the security and overall, just get more security stuff out of these cloud providers,” Mill previously told FedScoop. “More patches, more features, more work with the same amount of confidence and overall control in the process by moving this to an oversight of the process rather than each change.”