The General Services Administration (GSA) today unveiled the roster of its newly created governing board of the Federal Risk and Authorization Management Program (FedRAMP) that provides a government-wide approach to security assessment, authorization, and continuous monitoring for cloud products and services used by Federal government agencies.
The new FedRAMP Board replaces the program’s Joint Authorization Board (JAB), which has served as the primary governance and decision-making body for the program since it was created in 2011. The JAB included chief information officers (CIOs) from the Defense Department (DoD), Homeland Security Department (DHS), and GSA.
Creation of the new FedRAMP Board follows mandates of legislation approved by Congress in 2022 to codify the program into Federal law, and to undertake other efforts to speed FedRAMP evaluation and approval processes.
GSA said today that the new board’s first order of business is to “ensure a smooth transition from the JAB and any work in progress.”
“The board is also focused on defining metrics for the program, engaging with agencies to perform joint-agency and single-agency authorizations, and working with FedRAMP to continuously monitor FedRAMP-authorized cloud products and services,” GSA said.
Each of DoD, DHS, and GSA will continue to have senior officials on the new board, and they will be joined by officials from several other agencies.
Inaugural board members announced today by GSA are:
- Hemant Baidwan, CISO at DHS;
- David McKeown, senior information security officer and deputy CIO at the DoD;
- Carrie Lee, deputy CIO at the Department of Veterans Affairs;
- Venice Goodwine, CIO at the Department of the Air Force;
- Christopher Butera, senior technical director for the Cybersecurity Division at the Cybersecurity and Infrastructure Security Agency;
- Sylvia Burns, CIO and chief privacy officer at the Federal Deposit Insurance Corp.; and
- Bo Berlas, CISO at GSA.
Eric Mill, who is executive director for cloud strategy at GSA, said “the new board brings a wealth of technology, cybersecurity, and engineering expertise from federal agency executives who will work to champion the vision of FedRAMP and make that vision successful.”
“The board will approve and help guide FedRAMP policies, bring together the federal community to create a robust authorization ecosystem, and be a critical partner to the FedRAMP program in our shared goal of a more streamlined customer experience and stronger federal cybersecurity,” Mill said.
“The FedRAMP Board intentionally comprises members from across government, bringing diverse perspectives from the frontlines of cyber and IT modernization efforts,” commented Deputy Federal CIO Drew Myklegard.
“By harnessing their collective expertise, the board will play a vital role in adapting the FedRAMP Program to address the evolving cyber landscape and enable the accelerated adoption of secure cloud technologies across the government,” he said.
Speaking today at GSA’s Federal Digital Experience Industry Day, GSA Administrator Robin Carnahan pledged, “we’re committed to really improving FedRAMP.”
“We know it has to be more scalable, it has to be more secure, it has to be easier to use,” she said, adding that GSA has focused on incorporating industry feedback as it executes the 2022 mandates from Congress.
“We intend to keep listening, to keep iterating, because we know how important it is not just for government agencies to access the latest cloud services but also for businesses, small businesses in particular, who are trying to get into the government marketplace,” Carnahan said. “We really want your continued feedback, so please let us know if you think we’re on the right track.”
