FedRAMP | Georgia Tech Procurement Assistance Center

Small businesses struggle to climb the FedRAMP

July 17, 2019 By Andrew Smith

Small businesses need lawmakers to ease barriers to product authorization through the Federal Risk and Authorization Management Program, according to industry and federal CIOs speaking before Congress.

FedRAMP is the entity charged with evaluating security and authorizing cloud products. During a House Subcommittee on Government Operations hearing on the program, CIOs noted challenges for small business in getting offerings approved, such as a lack of transparency with the length of the process and cost.

Or some don’t know it exists it all.

“A lot of small businesses are unaware of the process itself, the security requirements that we have,” said Anil Cheriyan, the director of technology transformation services at the General Services Administration.

It took 20 months for Virtru, a small data protection start-up, to get its product FedRAMP authorized for a federal agency to use, according to testimony from Virtru’s CTO Will Ackerly. From the beginning, he said, “it was also unclear upon entering the process how long it would take.” The process cost the company $1.6 million, he told lawmakers.

Entering the FedRAMP approval process can be a “high-risk decision for most small companies” because of the cost “when combined with unknown timelines,” he said.

Looking back, Ackerly said that if his company hadn’t received an agency sponsorship to go through the FedRAMP process, it may not have made it through.

Continue reading at: Federal Times

Impact of FedRAMP for Small Businesses

February 7, 2018 By Andrew Smith

Did you know that over 30% of FedRAMP Cloud Service Providers (CSPs) are small businesses? When this statistic is shared across industry and the federal community, people are quite surprised — and pleased! Since small businesses represent an essential component of FedRAMP, organizers of the program realized it was essential to engage directly with the small business community to gather feedback to improve the program.

The convenor of FedRAMP, the General Services Administration (GSA), recently reached out to more than 40 small businesses engaged with FedRAMP to hear their feedback, learn about their experience with FedRAMP, and gather best practices to share across the small business CSP community. These CSPs spanned all stages of the FedRAMP process: In-Process, Ready, and Authorized.

From these meetings, GSA learned that most of the best practices for achieving a FedRAMP ATO are the same for both large and small CSP. For example:

Be prepared and utilize the Readiness Assessment Report,
Engage early and often with the FedRAMP PMO, and
Know the ins and outs of your system.

However, there were three unique differences that small businesses who have made it through FedRAMP repeatedly told us during our interviews:

Bigger Impact to Resources – But More Agile Teams

Pursuing and maintaining a FedRAMP Authority to Operate (ATO) proportionally requires more resources for a small business, requiring a team with specialized skillsets and costs associated with hiring a Third Party Assessment Organization (3PAO). As a result, staff often wear multiple hats and blend several duties into their role. This requires monitoring resource allocation carefully. Yet, the organizational structure of small businesses may provide some advantages. For example, teams don’t operate in silos and CSPs don’t have to navigate bureaucracy. With more centralized decision making and fewer layers of management, the process can go faster.

Levels Playing Field During Acquisition

Additionally, having a FedRAMP Authorization levels the playing field for acquisitions, as some Federal Agencies choose to require a FedRAMP ATO in their competitive procurement process.

Increased Security

Finally, being FedRAMP-Authorized can enhance the company’s internal security processes and rigor across all their products — not just those that are authorized — creating higher and more rigorous security standards for all systems and increasing system maturity.

**The governance of FedRAMP is comprised of different executive branch entities that work in a collaborative manner to develop, manage, and operate the program.**

Source: https://www.fedramp.gov/impact-of-fedramp-for-small-businesses/

GSA holding technology industry day Sept. 8th

August 31, 2016 By Andrew Smith

On September 8, the General Services Administration (GSA) is hosting its very first Technology Industry Day. Participating vendors will get an opportunity to learn about how GSA is transforming technology in the federal government, see demos of products and solutions developed by technologists and, last but not least, provide feedback on how GSA can work better with industry.

The event will be held at GSA headquarters located at 1800 F St., NW, Washington, DC 20405, and the event also will be accessible remotely.

On-site registration will close on September 5, 2016, and remote registration will close on the day of the event.

Below are a few projects to be featured and registration details:

Agile BPA

The Agile Blanket Purchase Agreement allows innovation in procurement, lessens the burden on industry and solves problems in a user-centered approach. A great example is the work with the FedRAMP program management office at GSA, the first client to use the Agile BPA. We helped the FedRAMP office hire an agile vendor to implement human-centered design and build a public-facing dashboard about cloud authorizations.

Micropurchasing

Micropurchasing is a process is where the federal government makes small procurements to directly buy products and services, as long as the price does not exceed $3,500. Currently, we are using that process to buy small pieces of open source software and design through the Micro-purchase Marketplace. This process has allowed clients to add valuable features to their products through quick, inexpensive purchases.

Cloud.gov

Cloud.gov is a shared platform built for government that allows agencies to securely deploy systems to the cloud. It takes care of baseline security and scalability concerns and allows federal teams to focus on delivering quality products.

Agenda

GSA Tech Industry Day 09.08.2016

Registration

If you want to learn more, sign up to join GSA on September 8 for the first Technology Industry Day.

4 government contracting trends to watch in 2016

October 9, 2015 By Andrew Smith

Today’s times represent an ongoing shift in the federal services marketplace. The changes are broad and include shifts in technology; acquisition methods; and the economics of being a contractor with significant hurdles and barriers to success. These market dynamics will play out over the coming months and years – here’s a rundown of the most significant of those changes now well underway.

1. Cloud Computing Continues to Absorb IT Services Opportunities
Federal agencies have moved beyond the 2010 Cloud-First mandate to adopt cloud computing, and have begun embracing the cloud to support their business and mission objectives. Cloud computing represents a significant change to the way that the federal government had done business. Cloud computing permits the customer to spend less time managing complex IT resources and more time investing in core mission work. Companies that have cloud-based offerings are winning significant business away from providers that have historically supported “in-house” solutions.

An estimated $20 billion of the federal government’s $80 billion in IT spending is a potential target for migration to cloud computing solutions, according to the White House’s Federal Cloud Computing Strategy. The size and scope of cloud programs are becoming larger, driven in part by the success of smaller projects, and by the manifestation of supporting policies, including FedRAMP, a security “stamp of approval” that lets government agencies know a solution has an appropriate and detailed security plan in place. To date, 48 systems have been authorized FedRAMP compliant. With the cost of a FedRAMP certification reaching as high as $300,000 and authorizations taking 9 to 15 months, gaining certification is a major commitment for any company. As a result, many firms, especially small businesses, may be locked out of this segment of the market.

Read all 4 contracting trends to watch in 2016 at: http://www.washingtonexec.com/2015/10/guest-column-4-government-contracting-trends-to-watch-in-2016-by-mark-abel/

Small businesses struggle to climb the FedRAMP

Contracting News

NDAA requires Contracting Officers to provide information to unsuccessful offerors for task and delivery orders valued under $5.5 million

Recent cases indicate viability of False Claims Act liability connected to federal cybersecurity standards

Justice Department recovers over $3 billion from False Claims Act cases in FY 2019

How the Navy SEALs wound up buying 450 counterfeit radio antennas

Lockheed Martin’s Marietta GA facility wins major C-130J contract

Contracting Tips

In certain circumstances the government may waive strict compliance with construction specifications

Getting Ready for CMMC (Resources and Links)

You may have a choice in how to calculate your size

GSA’s big changes in 2020, Part 2

COFC highlights importance of proving damages in CDA claims

GTPAC News

Save the date: 2020 Robins Air Force Base requirements symposium to be held March 26, 2020

GSA hosting Federal Acquisition Service Training Conference in Atlanta, GA April 14-16, 2020

DOAS and Georgians First Commission hosting Georgia Small Business Symposium Feb. 12, 2020

SBA hosting access to capital forum Sept. 16th

Recent DoD contract awards (Aug. 15 – 28)

Georgia Tech News

$25 million project will advance DNA-based archival data storage

Georgia Tech collaborates with IBM to develop software stacks for quantum computers

Georgia Tech’s 100,000th living engineering graduate

President Cabrera’s First Week

Research, sponsored activity awards top $1 billion at Georgia Tech