The General Services Administration’s (GSA) new roadmap for its Federal Risk and Authorization Management Program (FedRAMP) is pivoting to look more at the “whole customer journey,” a GSA official said this week.
GSA released the new FedRAMP roadmap last week outlining how the program will evolve in the next 18 months, and focusing on key goals such as customer experience (CX) and cybersecurity leadership.
The roadmap outlines four strategic goals for 2024 to 2025, which include: orienting FedRAMP around CX, positioning the program as a leader in cybersecurity and risk management, significantly scaling the size and scope of a trusted FedRAMP marketplace, and increasing program effectiveness through automation and technology-forward operations.
Zaree Singer, GSA’s FedRAMP Agency Engagement Lead, discussed the new approach at the Palo Alto Networks Public Sector Ignite event on April 2.
“We’ve always looked at things like growth and time, but we just haven’t always done that in a way that looks at what the whole customer journey is for FedRAMP,” Singer said. “We’ve mostly looked at the things that … we are focused on and that we can control.”
“Really the main pivot that we want to make is there’s a whole other part of that process that really matters, and that in order for us to establish the right kinds of feedback mechanisms and make the changes that we need to make, in order to address those, we have to be looking at that whole piece,” she continued.
“This is going to be really hard,” Singer said. “But it’s something that’s really important to us that we take an active stance here in doing that.”
“We’re looking at really repositioning the program as one that has more cybersecurity leadership in it, and really takes more of a risk management approach and growing in that way, scaling in a much bigger way than we’ve been able to do so far,” said Singer.
“One of the known things about FedRAMP is this huge influx of [Software-as-a-Service] SaaS products … we haven’t been able to adjust in the right way to accommodate those,” she said. “That’s part of what that scaling is all about. And then finally, really taking more of a smarter kind of tech-forward approach to our internal operations with automation.”