https://content.leadquizzes.com/lp/fk1JL_FgeQ

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

FedRAMP was launched fourteen years ago; today we get an update on metrics and use cases to help companies considering certification.

James Leach has been immersed in the world of FedRAMP since the beginning. Today, he gives listeners insight on navigating the FedRAMP compliance process.

Commercial companies understand, in detail, the business problem they can solve. For some reason, when it comes to the federal government, they think they can “copy and paste” a business case and have it resonate.

When they apply, they may reference a single-threaded business case without federal business. Or they may promote an on-premises model and not include a cloud reference. Finally, organizations may dive into a hybrid cloud environment where it is a challenge to get sponsors.

First, one must do business with an agency and understand their requirements in detail; they will have different priorities from a regular “for profit” company. You will also need an agency to sponsor your application.

Once these basic hurdles are achieved, then one can begin to study cloud reference architecture. During the interview, James Leach gave several guidelines.

>> You need to understand FedRAMP more as a maturity model than a checklist for compliance.

>> You need to understand the controls but, more importantly, how the mandates are implemented.

Commercial companies can expend considerable resources to achieve FedRAMP certification, only to get frustrated in the end. FedRAMP is not a walk in the park and must be taken seriously.