New Steps in the FedRAMP Process & 4 Lessons We've Recently Learned

Discover one CSP’s story in navigating a FedRAMP and Security Level 4 DISA certification

The last update on our FedRAMP story was shortly after we achieved our FedRAMP Ready designation. Since then, we have started moving toward the most difficult stage of all – the review.

Let us share with you how we got here.

3 Difficulties Faced, 5 Reasons to Hope, and 3 Next Steps

Discover one contractor’s story in navigating a FedRAMP and Security Level 4 DISA certification

As well prepared as our team came into the FedRAMP certification process, we could never have been prepared for the difficulty of navigating the road that is FedRAMP+/DISA certification.  

Before making it appear that we are complaining, allow us to clarify that FedRAMP itself has admitted that the process is still too time-consuming and costly for most small businesses. In fact, the FedRAMP expert we hired to initially guide us through this process told us, “You are crazy to try: you might not be able to sustain it financially as a small business and should consider whether this opportunity is worth the risk. By the time you get through the whole process (esp. with the DoD involved), you might not be a business anymore.” At the same time, FedRAMP is an unusual Government organization in how committed it is to improving this—since 2011, there have been many changes for the better.

5 Takeaways at the Early Stages of FedRAMP

Part of our Series on our FedRAMP journey

One contractor’s story in navigating a FedRAMP and Security Level 4 DISA certification

Why tell our journey of going through FedRAMP?

We’re sharing our story to encourage you regardless of how you’re involved in technology and modernization: 

• You’re an Agency who needs help from industry partners (both Government and commercial) to understand and achieve FedRAMP cloud readiness 
• You’re an Agency who is sponsoring a Cloud Service Provider (CSP) as a mission owner 
• You’re a CSP seeking FedRAMP certification for your product 

This series of articles will hopefully tell an interesting story and shed some light into the process.

How a Government Agency Set an Example of Transformation

Part of our Series on our FedRAMP journey

It's become all too common (and usually justified) for private industry to believe that over time, Government programs grow in scope and budget, and not only fail to achieve their goals, but become a hindrance to their stated purpose.

If you scrutinized FedRAMP just a few years after its creation in 2011, you would have come to this same conclusion. Instead of helping Government agencies achieve IT modernization, factors had come together to make the FedRAMP process a bureaucratic morass that was difficult and costly to navigate toward authorization.

It was surprising then that in 2015, the directors of FedRAMP did something unfortunately rare in our industry: they reflected on their program and with brutal honesty admitted that it was failing. This was the first and most important step the in the process of rebuilding the program from the ground up. 

It’s because of this bold action that FedRAMP is seeing more and more success in helping agencies move to the cloud and helps FedRAMP stands out as a program that is (if slowly) successfully moving closer to the goal it was created to achieve.