Last week I was happy to participate in a webinar with my colleague Brad Schulteis, director of government solutions at Rackspace.
The session was called, “Getting to FedRAMP Ready: What You Need to Know” and provided some practical, real-world advice for anyone who is at the beginning of the FedRAMP journey. We covered a number of topics, including:
- Organizing your people and processes for success at the start
- Allocating the appropriate resources
- Understanding FedRAMP requirements
- Determining your authorization boundary
- Managing your investment in your 3PAO service
- Leveraging inheritance and automation in order to reduce time and cost
This webinar is beneficial, not only to cloud service offerings that are pursuing Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) but also, to anyone who is starting this FedRAMP journey. Based on our experience and involvement in the FedRAMP process, Brad and I were able to give real-life examples and tips to make your FedRAMP journey easier. Some of the questions we answered during this webinar were:
- How do you determine which authorization is right for you?
- How can you leverage a platform as a service to help expedite your authorization?
- Do you need to have FedRAMP ATO in order to bid on government contracts?
- How long does it actually take to get authorized?
- What should be included in your authorization boundary?
This advice, when used collectively, will help vendors discover that the path to FedRAMP success is much easier than anticipated. The FedRAMP process can be daunting, but it is more than doable with the right processes and resources.
FedRAMP is not static – administrators are receptive to collaboration and process improvements, and companies should take advantage of that openness. Continually evaluate your current processes and be on the lookout for ways to improve and eventually incorporate them into your organization’s FedRAMP process.
We offer a recorded version of “Getting to FedRAMP Ready” if you’d like to watch it or share it with colleagues to help build the case for FedRAMP compliance.
The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.