A review of using SaaS to provide secure government and industry collaboration and business case management

Eric J. Van Hoose
Van Hoose Associates, Inc., Ohio, United States

Keywords: NIST, FedRAMP, ad hoc, processes, workflows

Federal contractors, their supply chain, and their government customers need a simple and secure way to do business without relying on email. Cloud service providers that meet the requirements of the Federal Risk and Authorization Management Program (FedRAMP) provide these capabilities. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of costs, as well as the time and staff required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cyber security and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.