231222 Comments Fed RAMP Modernization OMB

Jack Overstreet Jack Overstreet
Senior Manager, Cyber, Space, and National Security Policy Division, U.S. Chamber of Commerce
Matthew J. Eggers Matthew J. Eggers
Vice President, Cybersecurity Policy Cyber, Intelligence, and Security Division U.S. Chamber of Commerce

Published

January 03, 2024

Share

Clare Martorana
Federal Chief Information Officer
Office of Management and Budget
1650 Pennsylvania Avenue, NW
Washington, DC 20502

Re: Request for Comments on Updated Guidance for Modernizing the Federal Risk Authorization Management Program (FedRAMP); Federal Register, October 27, 2023; Docket # OMB–2023–0021

Dear Ms. Martorana:

The U.S. Chamber of Commerce welcomes the opportunity to comment on the Office of Management and Budget’s (OMB’s) draft memorandum on modernizing FedRAMP (the draft memo). We also appreciate the additional time that was given to stakeholders to provide officials with substantive feedback.

The Chamber’s membership includes numerous federal contractors and cloud service providers (CSPs) that partner with federal agencies and operate within the FedRAMP structure. In general, the Chamber supports the FedRAMP model and considers it a constructive tool for CSPs to deliver innovative and secure cloud products and services to the federal government. However, we believe there are critical aspects of the present FedRAMP model that hinder the commercial sector’s ability to work with agencies in the most productive and efficient manner.

The Chamber believes that it is important for OMB to modernize FedRAMP. We are providing this letter to highlight approaches that should reduce complexity and promote modern commercial cloud solutions for the government. We do not address all elements of the draft memo.

Our comments are organized into the following five sections:

  1. Strengthen FedRAMP by adapting to today’s commercial cloud environment.
  2. Increase the commercial cloud solutions and prioritize reciprocity among authorizations.
  3. Harmonize agency requirements to improve cybersecurity and cost efficiencies.
  4. Ensure a fair and transparent transition to the new FedRAMP policy structure.
  5. Manage the implementation of the updated FedRAMP structure with input from industry.

231222 Comments Fed RAMP Modernization OMB

About the authors

Jack Overstreet

Jack Overstreet

Matthew J. Eggers

Matthew J. Eggers

​Matthew J. Eggers is vice president of cybersecurity policy in the Cyber, Intelligence, and Security division at the U.S. Chamber of Commerce.

Read more