The FedRAMP Ideation Challenge

Agency: General Services Administration
State: Massachusetts
Type of Government: Federal
FSC Category:
  • D - Automatic Data Processing and Telecommunication Services
NAICS Category:
  • 541512 - Computer Systems Design Services
Posted Date: Jun 25, 2019
Due Date: Aug 13, 2019
Solicitation No: FedRAMP0002
Opportunity History
Solicitation Number :
FedRAMP0002
Notice Type :
Special Notice / Cancelled
Synopsis :
Added: Jun 24, 2019 4:39 pm

The FedRAMP Ideation Challenge


Shape how government performs cloud security authorizations.






Challenge


Reimagine the FedRAMP Security Authorization process and its supporting functions.




Goal


Hear unique perspectives and learn from Cloud Service Providers (CSPs), Agencies, Third Party Assessors (3PAOs), and all parties interested in cloud security and the authorization process.




Opportunity


Inform the next iteration of government’s premier cloud security authorization program.





Challenge:


Although Agencies are adopting secure cloud technologies at record-high levels, challenges remain. The Federal Risk and Authorization Management Program (FedRAMP) strives to continuously improve how we support our customers. In an effort to enhance and evolve our program, the FedRAMP Program Management Office (PMO) seeks to leverage the power and insights of the cybersecurity community. Respondents have the opportunity to help guide what the PMO takes on next and ensure that the government keeps federal data secure while bolstering modernization efforts.


Goal:


Participants should submit bold, innovative, and actionable ideas that offer a new perspective on the FedRAMP Authorization process.


Security and cloud professionals, academia, and anyone interested or involved in the FedRAMP ecosystem are invited to participate in this opportunity to share their best thinking on the next phase of FedRAMP.


Opportunity:


As technology evolves, it is important that federal Agencies manage information systems to address and mitigate security risks. We want to ensure FedRAMP continuously explores initiatives in support of a modern, efficient, and effective authorization process in an effort to reduce time and cost, without compromising cybersecurity rigor.


This challenge provides FedRAMP’s stakeholders and the cloud security community at large the opportunity to directly inform and contribute ideas in support of a new approach to risk assessments and security authorization for cloud products and services.


Background:


FedRAMP standardizes the Federal Government’s requirements and approach to security assessment, authorization, and monitoring of cloud products and services (Infrastructure as a Service [IaaS], Platform as a Service [PaaS], and Software as a Service [SaaS]). The FedRAMP program established several cloud security baselines in accordance with FISMA and aligned with the NIST RMF and NIST SP 800-53. FedRAMP’s unified approach allows CSPs to demonstrate how they are safeguarding information using a single set of security requirements that is accepted by all executive branch Departments and Agencies. This “do once, use many” approach minimizes duplicative Agency-specific authorization efforts, inconsistencies, and cost inefficiencies.


FedRAMP works closely with partners from industry and government to promote the secure adoption of innovative information technologies. The FedRAMP PMO takes a continuous improvement mindset to its mission of creating transparent standards and processes to accelerate federal Agencies’ adoption of cloud technologies and ability to leverage security authorizations on a government-wide scale.


How Do CSPs Get a FedRAMP Authorization?


CSPs can achieve a FedRAMP Authorization through one of two approaches: Agency partnership or the Joint Authorization Board (JAB). Regardless of the authorization approach, the CSP and 3PAO must produce the same deliverables (documents, artifacts, and evidence files) to convey the risk associated with the cloud service offering.



JAB Authorization Process



Agency Authorization Process



Challenges with the “As-Is” FedRAMP Process:


As Agencies migrate to cloud technology, authorization challenges remain. FedRAMP is committed to providing workable and scalable solutions for our partners to advance the pace of secure cloud adoption.






STAKEHOLDER CHALLENGES




Industry






  • Time - Although there has been significant progress in reducing authorization timelines, more work is needed to improve the pace of authorizing new providers, approving significant changes, and on-boarding of new services.




  • Cost - The technical modifications, testing, and security materials required for a vendor to achieve a FedRAMP Authorization are comprehensive and rigorous. Depending on a vendor’s familiarity with these requirements, and the current “as-is” environment, costs can quickly escalate.






Agencies






  • Reciprocity - Some agencies are not accepting FedRAMP Authorizations at face value and impose additional security requirements beyond the FedRAMP baseline. This action transforms the ATO process from a risk-enabling practice to a labor-intensive exercise and loses sight of FedRAMP’s intended “do once, use many” goal.









Helpful Resources and Where to Start


FedRAMP PMO launched multiple projects and initiatives in the past in response to customer feedback. Take a look at previous improvement efforts and get a feel for the PMO’s approach to continuous process improvement:



Submission Details:


Challenge participants are encouraged to submit any idea that could improve and benefit the authorization process. No idea is too small!


Participants should submit their idea to info@fedramp.gov by 5pm EDT August 13, 2019 with the subject line: “FedRAMP Challenge Response.” Submissions should be no more than 2 pages in 11-point Arial font, attached to the message as a PDF or Word document.


Responses should include brief details on your relationship to FedRAMP, such as how you would identify yourself (CSP, 3PAO, Agency, Industry, Interested Citizen, or other). All approaches to this challenge are welcome, but here is an optional outline to organize your response:




  1. Clearly identify and describe the improvement/initiative




  2. Detail existing challenges the improvement/initiative addresses




  3. Provide a technical or management approach to implementing the idea




  4. Identify resources required for idea implementation and sustainment (e.g., level of effort, expertise needed, tooling, etc.)




  5. Describe intended outcomes of implementing the idea




  6. Develop and list metrics to successfully monitor and manage initiative post implementation




Please keep in mind that we do not want to compromise security rigor!


Submissions will be reviewed by the FedRAMP PMO. As a result of this challenge and internal efforts, FedRAMP will define its next big move as a program and communicate the results of this effort through the Focus on FedRAMP blog. The PMO will also release a Special Notice on FedBizOpps and on GSA eBuy as part of a larger coordinated effort to gather ideas from the broadest possible community. These public announcements will contain a direct link to the FedRAMP website for further details about the ideation challenge.


Thank you for your effort and commitment to partnering with FedRAMP to improve cybersecurity for all.


Rules and Conditions:




  • FedRAMP will not respond to each submission individually but may reach out via email to individual submitters for clarification if needed.




  • This is a targeted open crowdsourcing and ideation activity to collect insight and is not a competition where prizes may be awarded.




  • Please do not submit proprietary information. Any information provided may be incorporated into the design of the project. Information submitted in response to this notice is subject to disclosure under the Freedom of Information Act. Respondents are advised that the Government is under no obligation to acknowledge, compensate or provide feedback with respect to any information submitted under this notice.




  • By participating in this crowdsourcing activity, submitters agree to hold GSA harmless from all legal and administrative claims to include associated expenses that may arise from any claims related to their submission or its use.




  • GSA will not be responsible for any claims or complaints from third parties about any disputes of ownership regarding the ideas, technology, white papers, prototypes, or images included in submissions.




  • GSA reserves the right for any reason to modify or close the challenge at any time.






Added: Jun 25, 2019 7:54 am
No longer active
Contracting Office Address :
10 Causeway Street
Boston, Massachusetts 02222
United States
Primary Point of Contact :
Brian T. Burns,
Contracting Officer
Phone: 6173787565
General Information
Notice Type:
Special Notice / Cancelled
Original Posted Date:
June 24, 2019
Posted Date:
June 25, 2019
Response Date:
Aug 13, 2019 5:00 pm Eastern
Original Response Date:
Aug 13, 2019 5:00 pm Eastern
Archiving Policy:
Automatic, on specified date
Original Archive Date:
August 16, 2019
Archive Date:
August 16, 2019
Original Set Aside:
N/A
Set Aside:
N/A
Classification Code:
D -- Information technology services, including telecommunications services
NAICS Code:
541 -- Professional, Scientific, and Technical Services/541512 -- Computer Systems Design Services

Related Document

Jun 24, 2019 [Special Notice] The FedRAMP Ideation Challenge
