Cybersecurity and FedRAMP: A Mandatory Combination

Until now, the idea that cybersecurity is mandatory in the federal marketplace has been a widely held belief, but there has been no specific process or policy to guide federal agencies that are moving to cloud-computing services. This deficit has been corrected with the Federal Risk and Authorization Management Program (FedRAMP).

According to the General Services Administration (GSA), FedRAMP is the result of close collaboration with cybersecurity and cloud experts from GSA, NIST, DHS, DoD, NSA, OMB, the Federal CIO Council and its working groups, as well as private industry.

These federal agencies collaborated to develop FedRAMP as a standardized approach to security assessment, authorization and continuous monitoring for cloud-based products and services. In the past, each agency incurred the costs to independently manage its own security risks, assess Information Technology (IT) systems and deploy improvements. This process proved to be inconsistent, duplicative, expensive and inefficient, and often failed to incorporate a focus on real-time threats and identify mitigation processes quickly.

The anticipated agency benefits include reduced costs, standardized security assessments and continuous monitoring, as well as quicker adoption of cloud-based services and products and bottom-line agency confidence in the security of cloud-based systems.

GSA further stated that “FedRAMP is mandatory for federal agency cloud deployments and service models at the low and moderate risk impact levels. Private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception.”

This is great news if a company is one of the “approved cloud service providers” that can prove that their products and services implement the security controls needed to meet the requirements outlined in FedRAMP. The bad news is that if a company is not on the “approved” list, there is little to no chance of seeing business in the federal cybersecurity market.

• AAI Corp., Hunt Valley, won a $358 million contract from the U.S. Army Contracting Command for Tactical Common Data Link Retrofit Kits and Related Equipment for the Shadow Unmanned Aircraft System.

• Ameritel Corp., Rockville, won a $17,733 contract from the National Institute of Standards and Technology for a copier with security features.

• John J. Kirlin LLC, Rockville, along with four other contractors, won a $585 million contract from the U.S. Army Corps of Engineers for design and construction services for the Medical Repair and Renewal Program.

• The Johns Hopkins University Applied Physics Laboratory, Laurel, won a $922.9 million contract from the Missile Defense Agency (MDA) for providing the MDA with essential engineering, research and development capabilities for the Ballistic Missile Defense System.

• Manufacturing Support Industries, Hebron, won a $9,353,267 contract from the U.S. Army Contracting Command for the M249 blank firing attachment and replacement stems to be used in training exercises.

• Northrop Grumman Systems Corp., Linthicum, won a $76,727,752 contract from the U.S. Army Contracting Command for engineering and technical services in support of the Vehicle and Dismount Exploitation Radar system.

• Smith’s Detection, Edgewood, won a $16,868,181 contract from U.S. Army Contracting Command for M4A1 joint chemical agent detectors, communication adapters, confidence checker, platform integration kit and sieve pack.

• Sun Edison LLC, Beltsville, won a $38.4 million contract from Davis-Monthan Air Force Base for electricity to be provided from a photovoltaic array built, owned and operated by the contractor.

