Significant cloud and security landscape changes have prompted the Office of Management and Budget to release new draft guidance modernizing the Federal Risk and Authorization Management Program first issued in 2011, reports FedScoop.
Aside from establishing a technical information security program with risk management in mind and providing various authorization structures to promote marketplace growth, the updated FedRAMP also seeks to advance automation to streamline processes and facilitate shared infrastructure utilization between the federal government and the private sector.
Utilization of existing commercial cloud services has also been urged under FedRAMP modernization. Such a move to update FedRAMP has been hailed by Rep. Gerry Connolly, D-Va., who wrote the FedRAMP Authorization Act.
"Today, OMB took the first step toward updating its decade-old guidance for the FedRAMP Program... Recognizing reciprocity is smart for vendors and smart for agencies. If you are approved at one window of government, that approval should carry with you to others," Connolly added.
The U.S. House Committee on Homeland Security invited Brad Smith, Microsoft’s top lawyer, to attend a proposed hearing on May 22 to discuss the use of the company’s email software that led to emails of U.S. government officials being obtained by hackers, according to CNBC.
U.S. cybersecurity agencies warn that Russia, China, Iran, and North Korea are increasingly targeting civil society organizations worldwide, according to The Record, a news site by cybersecurity firm Recorded Future.
Chris DeRusha is stepping down as federal chief information security officer after more than three years in the role, during which he significantly contributed to the Biden administration's cybersecurity initiatives, FedScoop reports.