231222 Comments Fed RAMP Modernization OMB
Senior Manager, Cyber, Space, and National Security Policy Division, U.S. Chamber of Commerce
Vice President, Cybersecurity Policy Cyber, Intelligence, and Security Division U.S. Chamber of Commerce
Published
January 03, 2024
Clare Martorana
Federal Chief Information Officer
Office of Management and Budget
1650 Pennsylvania Avenue, NW
Washington, DC 20502
Re: Request for Comments on Updated Guidance for Modernizing the Federal Risk Authorization Management Program (FedRAMP); Federal Register, October 27, 2023; Docket # OMB–2023–0021
Dear Ms. Martorana:
The U.S. Chamber of Commerce welcomes the opportunity to comment on the Office of Management and Budget’s (OMB’s) draft memorandum on modernizing FedRAMP (the draft memo). We also appreciate the additional time that was given to stakeholders to provide officials with substantive feedback.
The Chamber’s membership includes numerous federal contractors and cloud service providers (CSPs) that partner with federal agencies and operate within the FedRAMP structure. In general, the Chamber supports the FedRAMP model and considers it a constructive tool for CSPs to deliver innovative and secure cloud products and services to the federal government. However, we believe there are critical aspects of the present FedRAMP model that hinder the commercial sector’s ability to work with agencies in the most productive and efficient manner.
The Chamber believes that it is important for OMB to modernize FedRAMP. We are providing this letter to highlight approaches that should reduce complexity and promote modern commercial cloud solutions for the government. We do not address all elements of the draft memo.
Our comments are organized into the following five sections:
- Strengthen FedRAMP by adapting to today’s commercial cloud environment.
- Increase the commercial cloud solutions and prioritize reciprocity among authorizations.
- Harmonize agency requirements to improve cybersecurity and cost efficiencies.
- Ensure a fair and transparent transition to the new FedRAMP policy structure.
- Manage the implementation of the updated FedRAMP structure with input from industry.
231222 Comments Fed RAMP Modernization OMB
About the authors
Jack Overstreet
Matthew J. Eggers
Matthew J. Eggers is vice president of cybersecurity policy in the Cyber, Intelligence, and Security division at the U.S. Chamber of Commerce.