Small businesses need lawmakers to ease barriers to product authorization through the Federal Risk and Authorization Management Program, according to industry and federal CIOs speaking before Congress.
FedRAMP is the entity charged with evaluating security and authorizing cloud products. During a House Subcommittee on Government Operations hearing on the program, CIOs noted challenges for small business in getting offerings approved, such as a lack of transparency with the length of the process and cost.
Or some don’t know it exists it all.
“A lot of small businesses are unaware of the process itself, the security requirements that we have,” said Anil Cheriyan, the director of technology transformation services at the General Services Administration.
It took 20 months for Virtru, a small data protection start-up, to get its product FedRAMP authorized for a federal agency to use, according to testimony from Virtru’s CTO Will Ackerly. From the beginning, he said, “it was also unclear upon entering the process how long it would take.” The process cost the company $1.6 million, he told lawmakers.
Entering the FedRAMP approval process can be a “high-risk decision for most small companies” because of the cost “when combined with unknown timelines,” he said.
Looking back, Ackerly said that if his company hadn’t received an agency sponsorship to go through the FedRAMP process, it may not have made it through.
Continue reading at: Federal Times