FedRAMP | Georgia Tech Procurement Assistance Center

Small businesses struggle to climb the FedRAMP

July 17, 2019 By Andrew Smith

Small businesses need lawmakers to ease barriers to product authorization through the Federal Risk and Authorization Management Program, according to industry and federal CIOs speaking before Congress.

FedRAMP is the entity charged with evaluating security and authorizing cloud products. During a House Subcommittee on Government Operations hearing on the program, CIOs noted challenges for small business in getting offerings approved, such as a lack of transparency with the length of the process and cost.

Or some don’t know it exists it all.

“A lot of small businesses are unaware of the process itself, the security requirements that we have,” said Anil Cheriyan, the director of technology transformation services at the General Services Administration.

It took 20 months for Virtru, a small data protection start-up, to get its product FedRAMP authorized for a federal agency to use, according to testimony from Virtru’s CTO Will Ackerly. From the beginning, he said, “it was also unclear upon entering the process how long it would take.” The process cost the company $1.6 million, he told lawmakers.

Entering the FedRAMP approval process can be a “high-risk decision for most small companies” because of the cost “when combined with unknown timelines,” he said.

Looking back, Ackerly said that if his company hadn’t received an agency sponsorship to go through the FedRAMP process, it may not have made it through.

Continue reading at: Federal Times

Impact of FedRAMP for Small Businesses

February 7, 2018 By Andrew Smith

Did you know that over 30% of FedRAMP Cloud Service Providers (CSPs) are small businesses? When this statistic is shared across industry and the federal community, people are quite surprised — and pleased! Since small businesses represent an essential component of FedRAMP, organizers of the program realized it was essential to engage directly with the small business community to gather feedback to improve the program.

The convenor of FedRAMP, the General Services Administration (GSA), recently reached out to more than 40 small businesses engaged with FedRAMP to hear their feedback, learn about their experience with FedRAMP, and gather best practices to share across the small business CSP community. These CSPs spanned all stages of the FedRAMP process: In-Process, Ready, and Authorized.

From these meetings, GSA learned that most of the best practices for achieving a FedRAMP ATO are the same for both large and small CSP. For example:

Be prepared and utilize the Readiness Assessment Report,
Engage early and often with the FedRAMP PMO, and
Know the ins and outs of your system.

However, there were three unique differences that small businesses who have made it through FedRAMP repeatedly told us during our interviews:

Bigger Impact to Resources – But More Agile Teams

Pursuing and maintaining a FedRAMP Authority to Operate (ATO) proportionally requires more resources for a small business, requiring a team with specialized skillsets and costs associated with hiring a Third Party Assessment Organization (3PAO). As a result, staff often wear multiple hats and blend several duties into their role. This requires monitoring resource allocation carefully. Yet, the organizational structure of small businesses may provide some advantages. For example, teams don’t operate in silos and CSPs don’t have to navigate bureaucracy. With more centralized decision making and fewer layers of management, the process can go faster.

Levels Playing Field During Acquisition

Additionally, having a FedRAMP Authorization levels the playing field for acquisitions, as some Federal Agencies choose to require a FedRAMP ATO in their competitive procurement process.

Increased Security

Finally, being FedRAMP-Authorized can enhance the company’s internal security processes and rigor across all their products — not just those that are authorized — creating higher and more rigorous security standards for all systems and increasing system maturity.

**The governance of FedRAMP is comprised of different executive branch entities that work in a collaborative manner to develop, manage, and operate the program.**

Source: https://www.fedramp.gov/impact-of-fedramp-for-small-businesses/

GSA holding technology industry day Sept. 8th

August 31, 2016 By Andrew Smith

On September 8, the General Services Administration (GSA) is hosting its very first Technology Industry Day. Participating vendors will get an opportunity to learn about how GSA is transforming technology in the federal government, see demos of products and solutions developed by technologists and, last but not least, provide feedback on how GSA can work better with industry.

The event will be held at GSA headquarters located at 1800 F St., NW, Washington, DC 20405, and the event also will be accessible remotely.

On-site registration will close on September 5, 2016, and remote registration will close on the day of the event.

Below are a few projects to be featured and registration details:

Agile BPA

The Agile Blanket Purchase Agreement allows innovation in procurement, lessens the burden on industry and solves problems in a user-centered approach. A great example is the work with the FedRAMP program management office at GSA, the first client to use the Agile BPA. We helped the FedRAMP office hire an agile vendor to implement human-centered design and build a public-facing dashboard about cloud authorizations.

Micropurchasing

Micropurchasing is a process is where the federal government makes small procurements to directly buy products and services, as long as the price does not exceed $3,500. Currently, we are using that process to buy small pieces of open source software and design through the Micro-purchase Marketplace. This process has allowed clients to add valuable features to their products through quick, inexpensive purchases.

Cloud.gov

Cloud.gov is a shared platform built for government that allows agencies to securely deploy systems to the cloud. It takes care of baseline security and scalability concerns and allows federal teams to focus on delivering quality products.

Agenda

GSA Tech Industry Day 09.08.2016

Registration

If you want to learn more, sign up to join GSA on September 8 for the first Technology Industry Day.

4 government contracting trends to watch in 2016

October 9, 2015 By Andrew Smith

Today’s times represent an ongoing shift in the federal services marketplace. The changes are broad and include shifts in technology; acquisition methods; and the economics of being a contractor with significant hurdles and barriers to success. These market dynamics will play out over the coming months and years – here’s a rundown of the most significant of those changes now well underway.

1. Cloud Computing Continues to Absorb IT Services Opportunities
Federal agencies have moved beyond the 2010 Cloud-First mandate to adopt cloud computing, and have begun embracing the cloud to support their business and mission objectives. Cloud computing represents a significant change to the way that the federal government had done business. Cloud computing permits the customer to spend less time managing complex IT resources and more time investing in core mission work. Companies that have cloud-based offerings are winning significant business away from providers that have historically supported “in-house” solutions.

An estimated $20 billion of the federal government’s $80 billion in IT spending is a potential target for migration to cloud computing solutions, according to the White House’s Federal Cloud Computing Strategy. The size and scope of cloud programs are becoming larger, driven in part by the success of smaller projects, and by the manifestation of supporting policies, including FedRAMP, a security “stamp of approval” that lets government agencies know a solution has an appropriate and detailed security plan in place. To date, 48 systems have been authorized FedRAMP compliant. With the cost of a FedRAMP certification reaching as high as $300,000 and authorizations taking 9 to 15 months, gaining certification is a major commitment for any company. As a result, many firms, especially small businesses, may be locked out of this segment of the market.

Read all 4 contracting trends to watch in 2016 at: http://www.washingtonexec.com/2015/10/guest-column-4-government-contracting-trends-to-watch-in-2016-by-mark-abel/

Small businesses struggle to climb the FedRAMP

Contracting News

DoD publishes long awaited interim rule on CMMC

Long awaited changes to WOSB/EDWOSB regulations expected this summer

The CMMC has arrived: DoD publishes version 1.0 of its new cybersecurity framework

GSA keeping ‘on track’ with schedule consolidation

Contracting Tips

A guide to labor and employment obligations for federal contractors

Who pays for CMMC certification?

Other transaction agreements: Where does an unsuccessful bidder go?

Knowledge is power, if you know how to use it

EAJA provides relief to construction contractor for government’s bad actions

GTPAC News

GSA Region 4 OSDBU hosting small business webinar

GTPAC launches COVID-19 resource page

GDEcD seeks GA Manufacturers and Distributors that can help with critical health care supply needs related to COVID-19

Georgia DOAS to hold 4th Annual Georgia Procurement Conference April 21-23, 2020

MICC Fort Stewart hosting acquisition forecast open house on Thursday, Feb. 6, 2020

Georgia Tech News

Dr. Abdallah testifies on U.S. competitiveness, research, STEM pipeline at Congressional hearing

Georgia Tech’s Technology Square Phase III to include George Tower

Student surprises his teacher with Georgia Tech acceptance news

Georgia Tech Applied Research will support DHS information safeguarding effort

$25 million project will advance DNA-based archival data storage