Cyber is the “latest front in warfare” according to Michael Greenman, senior product marketing manager at Deltek.
As the U.S. government works to maintain its standing in the cyber realm, industry has “rallied around the idea of cybersecurity risks,” and the public sector has continued to update its cybersecurity standards to ensure that contractors are upholding best practices.
For contractors serving federal clients, it is “all about achieving and maintaining compliance” with those contracts, Greenman said during GovCon Wire’s Understanding FedRAMP Compliance Webinar on Thursday.
Ensuring compliance requires a strong set of standards, and one way the government has defined its cybersecurity framework is through the Federal Risk and Authorization Management Program. Established in 2011, FedRAMP lays out specific standards for the public sector to authorize cloud service offerings for use. It is intended to “ensure the confidentiality, integrity and availability” of government data.
“Other things include promoting and adopting secure cloud technologies, improving risk management, reducing duplication – all sorts of good high-level things,” Greenman added.
For contractors, specifically those working with the Department of Defense, achieving a FedRAMP authorization can help accelerate efforts to serve clients.
“This helps a lot – not to the level of FedRAMP authorization, meaning that a cloud service provider can sell to the government – but just the fact that your service provider has gone through the gauntlet and achieved that very elite status not only says a lot for your own peace of mind, but it makes the auditor’s life a lot easier,” he elaborated.
FedRAMP is representative of a larger evolution in federal cybersecurity efforts. It is built on several pillars, including two National Institute of Standards and Technology guidelines for cybersecurity. The Federal Information Security Management Act, which was initially passed in 2002 and updated in 2014, was also a major factor in putting FedRAMP in motion, according to Greenman.
“[FISMA] was the eventuality of all the other things that needed to be done before that, which was coming up with standards for encryption, standards for the categorization of data and minimum protection standards for the security of data,” he said.
Moving forward, the federal government plans to modernize FedRAMP to stay ahead of increasingly sophisticated cyberthreats. Greenman noted several ways the public sector is looking to improve the program, including creating faster pathways to authorize new technologies and setting other equivalent standards.
Further exploring the FedRAMP Ready designation is another priority. Updates to this part of the process, said Greenman, could “help on-ramp additional small or disadvantaged businesses who may provide novel or important capabilities” but face barriers to entering the FedRAMP marketplace.