FedRAMP Archives | FedScoop https://fedscoop.com/tag/fedramp/
FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals. Wed, 22 May 2024 01:07:39 +0000

Google earns FedRAMP High authorization for more than 100 additional commercial services https://fedscoop.com/google-earns-fedramp-high-authorization-for-more-than-100-additional-commercial-services/ Wed, 22 May 2024 12:01:00 +0000 https://fedscoop.com/?p=78437 The additional services include many that are most in demand for government customers, like AI, zero-trust security, and data and analytics tools.

The post Google earns FedRAMP High authorization for more than 100 additional commercial services appeared first on FedScoop.

More than 100 Google commercial cloud services recently received FedRAMP High authorizations, including its Vertex AI platform and other artificial intelligence capabilities, the company announced Wednesday.

Google has several services — as well as its underlying commercial cloud infrastructure — that have previously received FedRAMP High authorizations. But with this latest spate of authorizations, the company adds many services that are in demand for government customers, like AI, zero-trust security, and data and analytics tools.

In an interview with FedScoop ahead of the announcement, Leigh Palmer, vice president of technology, strategy and delivery for Google Public Sector, said this not only gives federal civilian agencies that work with highly sensitive data sets — like those in health care, law enforcement, finance and emergency response, among others — a long list of new tools to work with, but they’re also hosted in a commercial environment, which she said comes with added benefits.

“These are certified on our commercial cloud, not a separate [government-specific] cloud instance,” Palmer said, referencing the model some cloud vendors have used to create separate cloud enclaves limited only to government work for security reasons. “Which means that you have the full capability of commercial cloud, right? More regions, more elasticity, more data, compute, storage, etc.”

That’s particularly important, she said, as the Office of Management and Budget in draft guidance issued last fall pushes to modernize FedRAMP — short for the Federal Risk and Authorization Management Program — with more of a focus placed on agencies using commercial cloud services instead of the government-specific offerings.

“Instead of having physical separation, we have logical separation [through] encryption. So we can run the same workloads on our commercial cloud without having to have that physical separation,” Palmer said. “Whenever you have to do that, it’s going to be difficult to keep parity across the environments.”

On top of that, the compute-intensive tools — such as AI — that more and more agencies are beginning to use will stand to benefit from the scale of commercial cloud, she added.

“As you look towards AI and things that are going to require, you know, heavy, massive amounts of compute, it’s going to be much more cost-effective and easy for our customers to do that in a commercial cloud than in [a government-specific] environment,” Palmer said.

On the topic of the federal government’s recent work to modernize FedRAMP, she added that Google is “really optimistic and encouraged by the modernization changes that are happening at FedRAMP.”

“At the end of the day, I think what we all want is more capabilities in the government’s hands faster” and done so safely, Palmer said.

The new authorizations come after Google Public Sector last month announced that defense and intelligence agencies were approved to use Google’s air-gapped cloud platform, Google Distributed Cloud Hosted, to process top-secret workloads. Palmer called the achievements “complementary” to one another, and added that Google is continuing work to add more services that meet the Department of Defense’s IL-5 compliance for some of its most sensitive but unclassified workloads.

GSA taps seven federal tech experts for new FedRAMP advisory group https://fedscoop.com/gsa-taps-seven-federal-tech-experts-for-new-fedramp-advisory-group/ Tue, 21 May 2024 18:55:50 +0000 https://fedscoop.com/?p=78428 Officials from the GSA, CMS, CISA, DHS and other agencies will make up the inaugural Technical Advisory Group.

The post GSA taps seven federal tech experts for new FedRAMP advisory group appeared first on FedScoop.

Officials from the General Services Administration, the Department of Homeland Security, the Centers for Medicaid and Medicare Services and other agencies will serve as inaugural members in a new advisory group to the Federal Risk and Authorization Management Program. 

The Technical Advisory Group, part of a broader effort to engage stakeholders and support FedRAMP processes related to delivering emerging technology solutions to assist agencies, will inform decision-making on the technical, strategic and operational direction of the government-wide compliance program, according to a GSA press release.

“This group will help make FedRAMP a smarter and more technology-forward operation that better meets its goals of making it safe and easy for federal agencies to take full advantage of cloud services,” Eric Mill, GSA’s executive director for cloud strategy in Technology Transformation Services, said in the statement. 

Members of the inaugural group are: Laura Beaufort, technical lead with the Federal Election Commission; Paul Hirsch, technical lead with TTS; Michael Boyce, director of DHS’s AI Corps; Elizabeth Schweinsberg, senior technical adviser at CMS; Grant Dasher, architecture branch chief in the Cybersecurity and Infrastructure Security Agency’s Office of the Technical Director; Nicole Thompson, cybersecurity engineer with the Department of Defense’s Defense Digital Service; and Brian Turnau, cloud authorization program manager with GSA’s Office of the Chief Information Officer.

Laura Gerhardt, director of technology modernization and data in the Office of Management and Budget, said in a statement that “the TAG is well-positioned to provide valuable insights into streamlining processes, enhancing security postures and adapting to novel technology implementations so that agencies can leverage the full potential of FedRAMP.” 

GSA released a new roadmap for modernization efforts through the FedRAMP program in March and has since revealed a slew of other FedRAMP-related announcements.

GSA appoints new members to FedRAMP advisory committee https://fedscoop.com/gsa-appoints-new-members-to-fedramp-advisory-committee/ Wed, 08 May 2024 22:01:01 +0000 https://fedscoop.com/?p=78246 The Federal Secure Cloud Advisory Committee will also have a new chair effective next week.

The post GSA appoints new members to FedRAMP advisory committee appeared first on FedScoop.

The committee that advises FedRAMP will have a new chair and three new members in place by next week, according to a Wednesday announcement from the General Services Administration. 

The Federal Secure Cloud Advisory Committee will tap Lawrence Hale as the new committee chair effective May 15. Hale, who serves as deputy assistant commissioner within the Office of Information Technology Category Management for GSA’s Federal Acquisition Service, will act as a liaison for the group and as its designated federal officer, as well as serving as a spokesperson for committee work products. 

“The inaugural committee has provided great value and insight over the past year to help ensure secure adoption of cloud computing products and services across agencies,” GSA Administrator Robin Carnahan said in a press release. “We are grateful to all our committee members for bringing their wealth of cloud expertise to help the committee continue equipping agencies with what they need to address ever-evolving threats in order to securely deliver for the American people.”

Two vacant FSCAC seats will be filled by Josh Krueger, chief information security officer for Project Hosts, and Kayla Underkoffler, lead security technologist at HackerOne. Carlton Harris, senior vice president of End to End Solutions, will also join the committee, serving a full three-year term.

Michael Vacirca, a senior engineering manager at Google who has served one year on the council, was reappointed to a full term.

The committee’s inaugural appointments were made last year, with Ann Lewis, director of GSA’s Technology Transformation Services, serving as chair.

GSA administrator: Generative AI tools will be ‘a giant help’ for government services https://fedscoop.com/gsa-generative-ai-pilots-robin-carnahan/ Fri, 19 Apr 2024 21:00:56 +0000 https://fedscoop.com/?p=77402 Robin Carnahan said the agency has 150 AI pilots and is zeroed in on purchasing “best-in-class AI technologies.”

The post GSA administrator: Generative AI tools will be ‘a giant help’ for government services appeared first on FedScoop.

Running 150 artificial intelligence pilots while using 132 different generative AI tools and technologies might seem like a lot for any federal agency. So, too, might a yearslong track record of using machine learning, large language models and language processing bots. 

But for the General Services Administration, the decision to go all-in on AI wasn’t really up for debate.

“We’re doing this because it’s GSA’s job to have shared services for the government,” GSA Administrator Robin Carnahan said Thursday. “And generative AI tools are going to be a giant help in that.”

Speaking at AIScoop’s AITalks event, Carnahan said GSA is currently operating seven different sandbox environments, and there’s “more to come” across the agency with AI. Fully embracing the technology is a matter of recognizing that public- and private-sector tech leaders are “going to decide whether we’re on the right or wrong side of history on this topic, whether we get it right for the American people,” she said. “If we do, it opens up all kinds of possibilities.”

Exploring those possibilities to the fullest extent comes down to buying “best-in-class AI technologies,” Carnahan said. The agency plans to partner closely with industry, she added, and its IT category management office within the Federal Acquisition Service is in the process of developing an acquisition resource guide for generative AI and specialized computing infrastructure. 

“This is a big deal,” Carnahan said, “because procurement officers need to know about these new technologies. A sneak peek of what you’re gonna see in there is going to identify a lot of common challenges. It’s gonna identify use cases. It’s gonna help procurement officers navigate the marketplace so the missions of these agencies can be fulfilled.” 

The GSA is also focused on highlighting products that already have FedRAMP approval, part of the newly released roadmap for the federal government’s cloud services compliance program. Carnahan said that the strategy document is aimed at making FedRAMP more scalable, more secure and easier to use.

For any budget-strapped agency considering new AI projects, Carnahan pushed the Technology Modernization Fund as a means to “go outside your budget cycle and get access to funding for these new tools.” TMF is currently soliciting proposals from agencies with ideas for AI projects. 

“We expect to see a lot of interest from across the government,” Carnahan said. “If your agency hasn’t thought about using the TMF for your AI proposals, you should do that. Now is the best time for it.”

For the GSA internally, a new Login.gov pilot leveraging facial matching technology best represents the agency’s commitment to “using technology ethically and responsibly and securely for the public good,” Carnahan said. The pilot will help people verify their identities remotely, though the GSA is pledging to minimize data retention and ensure “that personal information is protected and not shared. And it is never sold.”

This next phase of the GSA’s work on the governmentwide single sign-on and identity verification platform, which includes a partnership with the U.S. Postal Service, is emblematic of what the agency views as its mission to deliver secure and inclusive products. And although there are “precarious uncharted waters ahead” when it comes to full-scale adoption of AI tools and systems, Carnahan is bullish on the government’s prospects.

“We know that by working together through our government teams, industry teams, that we can get to the other side,” she said. “The American people are counting on us to get it right. There is no time to waste. So let’s all get to work.”

Salesforce launches ‘Einstein 1’ generative AI tool for government https://fedscoop.com/salesforce-launches-ai-tool-for-government/ Thu, 11 Apr 2024 17:41:25 +0000 https://fedscoop.com/?p=77151 Launch comes as the company has seen interest in artificial intelligence tools “spike” among its public sector customers.

The post Salesforce launches ‘Einstein 1’ generative AI tool for government appeared first on FedScoop.

Salesforce on Wednesday announced a public sector version of its “Einstein 1” platform aimed at automating administrative tasks for government employees with artificial intelligence.

The platform is built on the customer relationship management software company’s existing Einstein 1 platform and includes features to transcribe calls for contact center workers and assist caseworkers with generating reports and documenting information.

“This is the kind of work that requires a lot of expertise and there’s never enough people to handle it,” Casey Coleman, senior vice president of global government solutions at Salesforce, told FedScoop in an interview on the sidelines of the company’s conference in Washington. 

Coleman said the system will cut down administrative time for government employees and “leave the experts to do the job of really interacting with people and making sure that the answer is provided to them.”

The announcement came during the company’s “World Tour D.C.” event, which included panels with multiple government customers from agencies like the U.S. Agency for International Development and the Internal Revenue Service. 

Other software companies — such as IBM and Microsoft — have also announced new AI tools for government in recent months, as interest in the technology continues to grow in the public sector. Meanwhile, the Biden administration is working to create guidance for procurement of those tools. The Office of Management and Budget is planning action on federal procurement of AI later this year and released a request for information on that work.

Coleman said interest in AI from public sector partners has “spiked up,” particularly for uses related to administrative work and things that can be tested quickly.

“Every conversation we have with public sector customers, or prospective customers, includes AI to some degree,” Coleman said. “Everyone is thinking about it — everyone is looking for use cases to test it on.”

Also on Wednesday, Salesforce announced that its Field Service, Privacy Center and Security Center tools are authorized for FedRAMP’s “high” impact level and the Department of Defense’s “Impact Level 5,” which means they’re cleared to be used with the government’s most sensitive unclassified data. GovSlack also achieved FedRAMP “high” authorization in February.

New FedRAMP roadmap details imminent plans for modernization https://fedscoop.com/fedramp-roadmap-cloud-services-modernization/ Thu, 28 Mar 2024 22:28:26 +0000 https://fedscoop.com/?p=76896 The federal government’s cloud services compliance program says it needs “to scale and automate our own processes beyond where they’re at now.”

The post New FedRAMP roadmap details imminent plans for modernization appeared first on FedScoop.

Citing the need to evolve beyond the computing infrastructure support system capabilities that have been its hallmark since 2011, the FedRAMP program on Thursday released a new roadmap for how it intends to embrace modernization. 

Modernizing the governmentwide compliance program for cloud services has been top of mind for Washington IT leaders in recent years, most notably with the passing of the FedRAMP Authorization Act in 2022 and the release of an Office of Management and Budget draft policy memorandum on overhauling program operations and governance in 2023.

The Thursday release of FedRAMP’s roadmap represents an acknowledgment from the program’s leadership that federal agencies have much more varied needs than they did at its launch 13 years ago, when the top priority was easing the path for cloud computing infrastructure’s implementation into the federal government.

“It is critical that FedRAMP be well-positioned to make sure federal agencies get the full benefit of these software-as-a-service (SaaS) cloud offerings,” the FedRAMP program office said in a blog post.

“While SaaS applications are used in government, and FedRAMP does have some in its marketplace, it’s not nearly enough and it’s not working the way that it should. We know that for many companies, especially software-focused companies, it takes too much time and money to get a FedRAMP authorization. And we’re particularly cognizant that we need to scale and automate our own processes beyond where they’re at now if we want to meaningfully grow the FedRAMP marketplace.”

The roadmap features four primary goals as part of its modernization push: centering FedRAMP around customer experience, positioning the program as a cybersecurity and risk management leader, substantially scaling the size and scope of the marketplace, and bolstering the program’s effectiveness through the use of automation and other “technology-forward operations.”

For fiscal year 2024, FedRAMP aims to check off 10 boxes related to its four primary goals, including the release of updated guidance on FIPS 140, the formation of initial joint authorization groups, the launch of a pilot for machine-readable “digital authorization packages” with cloud providers and federal agencies, and the proposal of new key performance metrics, among others.

In the first and second quarters of fiscal 2025, FedRAMP plans to incorporate the Cybersecurity and Infrastructure Security Agency’s Secure Cloud Business Applications (SCuBA) guidelines into secure configuration profiles, publish “low-review FedRAMP authorization criteria” and begin migration to a new FedRAMP platform.

As part of the rollout of its roadmap, FedRAMP on April 11 will host a public forum and answer questions about the updated plan. And at some point next month, the organization will open the application process on USAJobs.gov for a new FedRAMP director, after its most recent chief, Brian Conrad, departed. 

Agency FedRAMP usage increased but challenges persist, watchdog finds https://fedscoop.com/agency-fedramp-usage-increased-but-challenges-persist-watchdog-finds/ Fri, 19 Jan 2024 19:57:17 +0000 https://fedscoop.com/?p=75645 Use of the program to authorize cloud services is up, but some agencies are still using unauthorized services and cost estimates are an issue, the Government Accountability Office found.

The post Agency FedRAMP usage increased but challenges persist, watchdog finds appeared first on FedScoop.

Federal agencies have increased their use of FedRAMP, a federal program for authorizing cloud services, but more work needs to be done to fully address issues, a government watchdog found.

In a new report, the Government Accountability Office said that while agency use of FedRAMP — the Federal Risk and Authorization Management Program — increased by about 60% between July 2019 and April 2023, the Office of Management and Budget and the General Services Administration, which the program operates under, still have work to do to alleviate challenges.

Several agencies, for example, disclosed that they used services that were not FedRAMP-authorized, despite an OMB requirement that all executive branch agencies use providers authorized by the program, the report said. That’s due in part to the absence of program oversight, GAO said.

“One reason that agencies have continued to use cloud services that are not FedRAMP authorized is that OMB has not adequately monitored agencies’ compliance with the program, as we recommended in our December 2019 report,” the report said. GAO has labeled that recommendation a priority. 

FedRAMP was created in 2011 to give federal agencies a standard process to authorize secure cloud services across the federal government. However, many in the federal IT space — particularly those firms that wish to provide cloud services to agencies — have criticized the program for being too slow-moving, costly and inconsistently implemented, creating a barrier to entry for some commercial cloud companies. In the decade-plus since FedRAMP was created, there have been numerous attempts via operations, policy and law to reform and tweak the program.

The GAO report ultimately made three new recommendations. It said OMB should issue guidance on tracking the cost of sponsoring a FedRAMP authorization and finalize its proposed guidance. It also said that GSA should develop a plan for guidance on how cloud service providers can navigate a specific Federal Information Processing Standard (FIPS 140-3) requirement, which is needed for authorization.

According to the report, GSA agreed with its recommendation and OMB didn’t comment on its recommendations. 

The watchdog acknowledged that OMB and the FedRAMP program management office within GSA have efforts underway to address some of the issues, including proposed guidance from OMB aimed at modernizing the program and FIPS guidance. But until each of those pieces of guidance is finalized, “the challenges may continue to increase the time spent and costs incurred when pursuing FedRAMP authorizations,” GAO said.

In a Thursday statement, Rep. Gerry Connolly, D-Va., who wrote the bipartisan FedRAMP Authorization Act, said he “welcomed” the report and is “encouraged by GAO’s finding that the guidance the Administration is developing pursuant to the FedRAMP Authorization Act will address the deficiencies in the program that GAO has identified.” 

“I urge OMB and GSA to finalize relevant FedRAMP guidance and agency implementation plans as required by the legislation, which we fought hard to enact,” said Connolly, who serves as ranking member of the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation.

Among the issues GAO highlighted in the report were differences in how costs for FedRAMP authorizations are appraised. Its review of cost estimates from cloud services providers and agencies found variation “anywhere from tens of thousands to millions of dollars.” That’s partially the result of agencies and providers using different methods for the costs they included, the report said. It pointed to a lack of guidance.

“The varying methods were allowed as OMB had not provided agencies with guidance on what costs should be tracked and reported for pursuing authorizations,” the report said. “Accordingly, the lack of consistent data will prevent OMB from determining whether its goal of reducing FedRAMP costs will be achieved.”

The report also found that cloud services providers going through the FedRAMP authorization process had to change their encryption methods to adhere to a security requirement for those systems under the Federal Information Processing Standards, a set of IT requirements published by the National Institute of Standards and Technology. Cloud service providers need to comply with FIPS to achieve FedRAMP authorization, the report said.

According to the report, the acting director of FedRAMP said the program management office has draft guidance being reviewed by OMB that will address issues with the FIPS requirements but didn’t provide a timeline for issuing that guidance.

Reimagining tech modernization for the future in government  https://fedscoop.com/reimagining-tech-modernization-for-the-future-in-government/ Tue, 19 Dec 2023 19:20:20 +0000 https://fedscoop.com/?p=75297 Google Public Sector's Leigh Palmer writes in this Op-Ed that advances in AI and ML require modern, cloud-native IT — particularly applications hosted in commercial cloud environments — to keep pace with the needs of citizens and stay secure.

The post Reimagining tech modernization for the future in government  appeared first on FedScoop.

The promise of artificial intelligence and machine learning — applied and deployed responsibly — is immense for the public sector. From automating mundane tasks and increasing productivity to quickly and efficiently processing large amounts of data that was once locked in data silos, the possibilities are becoming realities.

Take for instance the U.S. government’s General Services Administration (GSA), which went from 17 different email and messaging services to one, creating a faster and more efficient platform; or how the National Institute of Health (NIH) changed its approach to cancer research by securely and safely sharing a wide collection of up-to-the-minute datasets and providing powerful new analysis tools. 

We saw these advances in government enabled by one particular technology: cloud. As promising as these results are, what matters most for the long term is approaching cloud services through the lens of solving issues of the present, while simultaneously setting up for the future. 

Ending an old habit 

Having spent three decades providing technology to the government, I’m no stranger to building solutions by applying a technological know-how with a deep understanding of public sector agencies and their missions. Too often in government, we see the sustainment of past technologies, which keeps systems afloat, but does nothing to address present and future needs. Legacy solutions, simply put, just don’t have the scale or speed capable of handling the workloads and requirements of today’s world.

Like much of the private sector, our government services are becoming more data-driven, demanding an IT environment that will support the digital-first approach. Government is first and foremost a people business, delivering citizen-centric services, education, public safety, national security, and more, all of which require secure and reliable systems where AI and ML capabilities can promote quick, agile, and efficient services to constituents. And all AI and ML capabilities boil down to one thing: data. That data must exist in a secure environment, and the best way to secure an environment is to modernize.

We’ve seen too many security breaches from exploits of buggy software and obsolete security systems, and at a local level, ransomware attacks are rife.

Modernizing the infrastructure through thoughtful cloud implementation can solve these issues. In the cloud, system management and upgrades are easier; performance data more readily available. Personnel training is more flexible and accessible. Application modernization is more automated. Data management and analysis are more nimble, with faster output and lower time to insight. 

Bringing the cloud forward

Infrastructure modernization goes beyond simply moving data and applications from on-prem to the cloud. Modernizing means reimagining the approach to the entire IT environment and rebuilding with a new mindset that assumes cloud as the default. Cloud-native is that approach. 

Unlike monolithic applications, which must be built, tested, and deployed as a single unit, cloud architectures decompose components into loosely coupled services to improve the speed, agility, and scale of software delivery, making applications easier to deploy, edit and integrate with other applications. Because of its inherent pliability, this approach lends itself better to building and deploying emerging technologies, like edge computing, AI, ML, and more. 

For example, to train AI/ML models, agencies need high volumes of diverse, credible data with a lot of computational power and that can only be done in the cloud. According to the U.S. Chamber of Commerce Technology Engagement Center, the U.S. spends $143 billion on information collection just at the federal level. This is a wealth of information that — in a modern infrastructure that can protect and process said data — could create opportunities for citizen engagement and service delivery that we’ve only dreamt of until now. But for that, government agencies will need to begin thinking differently about their cloud strategy. 

In order to be a cloud-native organization in the public sector, you cannot continue to just do things the way you have always done them. This is why, over a decade after establishing FedRAMP, the Office of Management and Budget (OMB) outlined modernized guidance on cloud deployment, steering government agencies away from dedicated GovClouds. The OMB has recognized that dedicated GovClouds are not cutting it for government agencies to modernize their infrastructure and that agencies need a better approach to cloud computing that delivers commercial-grade scale and flexibility, all the while remaining secure and compliant. 

In 2024, we are going to see a major shift in the technology landscape in government towards modernization. In order to do so, government and public agencies must evolve culturally and procedurally with flexibility and the courage to modernize by reimagining for the future.

OMB extends comment period for new FedRAMP guidance https://fedscoop.com/omb-extends-comment-period-for-new-fedramp-guidance/ Fri, 17 Nov 2023 19:15:29 +0000 https://fedscoop.com/?p=74870 The public will have "another 20-some days" to give their thoughts on the guidance to modernize FedRAMP, according to Drew Myklegard, deputy federal CIO.

The post OMB extends comment period for new FedRAMP guidance appeared first on FedScoop.

The Office of Management and Budget will extend the public comment period until late December for its new Federal Risk and Authorization Management Program (FedRAMP) draft guidance, the deputy federal CIO told FedScoop.

While the comment period has so far been fruitful, the points and questions brought to the agency’s attention have also been “challenging,” Drew Myklegard, the deputy federal CIO, said during a fireside chat Thursday at CyberTalks. And because of that, OMB needs additional time to take those into account and continue to converse with the public.

OMB issued the draft FedRAMP guidance late last month, broadly pushing to scale FedRAMP-approved products and adoption across government, enhance security and more widely automate FedRAMP processes.

Speaking to the extension, Myklegard said: “We’re doing that because we really think there’s a great conversation going on. We want to continue that. Some of the feedback that we got was actually really challenging.”

A notice in the Federal Register will be going out Nov. 20 extending the comment period through Dec. 22 “to allow additional time for the public to review and comment on the initial proposals.” The original deadline was Nov. 27.

Myklegard’s comments came a day after OMB and the General Services Administration — which houses the FedRAMP program management office — hosted a public engagement forum. He said “about 400 people” showed up to that, “which is a great turnout for an OMB memo.”

The deputy federal CIO shared that the topics that commenters have been most focused on have been reciprocity between FedRAMP and other cloud security authorization programs, control validation and presumption of adequacy for vendors across federal agencies.

“So ensuring that if, when a company does go through the FedRAMP process, that they can then … take that document and take it from agency to agency and it will be accepted,” Myklegard said.

He added that the public has also made OMB aware that it needs to go back to the drawing board with some language and concepts promoted in the guidance. On security and red teaming, he said, “that means a lot of different things to different companies and we need to go back and examine what exactly we want to try and achieve as outcomes with red teaming.”

Similarly, with shared infrastructure, OMB is revisiting how to motivate cloud service providers to merge their commercial offerings and government-focused offerings together “so the government gets the best product with the best features and the best security,” Myklegard said.

And finally, the administration wants to make it less burdensome for vendors to “run the gauntlet of FedRAMP,” he said, adding that OMB has received comments about possibly using open-source templates that could help with that.

“There’s a lot of room in the FedRAMP process with friction and [manual] steps that are causing too long of times from when people identify a product that they need until they can employ it,” Myklegard said of the need for the updated guidance.

Myklegard didn’t know exactly when the final guidance could drop because the extension will push that out a bit.

“Obviously, it’s gonna be a little bit longer because we’re extending the time period, but we’re gonna work diligently to get those comments included. Depending on how much change we make in the memo, it will determine how much review we have to do. We’ll put that back out to the agencies to make sure we get their feedback, because they’re going to be the ones implementing it.”

“So it’s critical that they are going to have the resources and be aligned to do that. Then you should see it like early 2024,” he said.

Editor’s Note, 11/17/2023 at 3:38 p.m.: This story has been updated with additional information on the extension that will be published in the Federal Register.

Executive order gives GSA a lead role in executing the administration’s AI vision, Carnahan says https://fedscoop.com/executive-order-gives-gsa-a-lead-role-in-executing-the-administrations-ai-vision-carnahan-says/ Thu, 02 Nov 2023 19:54:04 +0000 https://fedscoop.com/?p=74392 Robin Carnahan said the new policy will push her agency to protect government data and use it responsibly within AI tools, encourage experimentation of the technology — particularly generative AI — and increase the pipeline of AI talent using additional resources.

The post Executive order gives GSA a lead role in executing the administration’s AI vision, Carnahan says appeared first on FedScoop.

The head of the General Services Administration said her agency will play a large role in executing the vision laid out in the White House’s long-awaited executive order on ensuring safety, security, trust and openness in artificial intelligence, signed by President Biden earlier this week.

GSA Administrator Robin Carnahan told FedScoop in an interview at the signing ceremony for the executive order that the policy will push her agency to protect government data and use it responsibly within AI tools, encourage experimentation of the technology — particularly generative AI — and increase the pipeline of AI talent using additional resources.

“We’re very focused on protecting our data and figuring out how to use our datasets in ways that are responsible and aren’t subjected to misrepresentations of other things. So that’s the number one goal from the EO,” Carnahan told FedScoop. 

“We’re also very focused on experimentation. We’re encouraging people to try new AI projects — we’re tracking it very closely but we’re also encouraging experimentation of AI. In fact just yesterday, I signed up for access to be able to use these popular generative AI tools myself – three or four of them that I was allowed to use. So talk to me about that in a few weeks,” she added.

GSA, which plays a key role in the federal government’s procurement of software, could leverage its buying data with AI tools to get lower costs and better value for federal agencies.

“We want to use AI to advance our mission and do things more effectively. We do a lot of procurement, for example, so there’s lots of potential for using our huge amounts of data and using AI to get the best prices and best value for the agencies that we represent. And also open up opportunities for businesses,” Carnahan said.

Carnahan said earlier this year that GSA is “laser-focused” on hiring talent to get the right expertise needed to update the agency’s processes and systems. Biden’s AI executive order has only intensified and clarified the need to do this as soon as possible, particularly when it comes to drastically increasing the number of skilled AI workers in the federal government. 

“One of the things that we’re tasked with doing in the EO, along with some other agencies, is to really spend time recruiting talent into government. We’ve got a couple of places to do that with like the Presidential Innovation Fellows program and the U.S. Digital Corps — both of which are going to be targeting specifically bringing more AI talent in the government and that’s both for GSA, but as you know, they will get spread around all federal agencies,” said Carnahan.

She added that GSA plans to “incrementally expand” the two tech talent programs for the purposes of executing the AI executive order’s requirement of meeting the demand for AI-skilled workers.

Carnahan earlier this year said federal agencies have the money and momentum to improve service delivery and customer experience, which she hopes can be achieved more quickly through AI tools and their underlying infrastructure powered by powerful cloud resources. The modernization of the Federal Risk and Authorization Management Program (FedRAMP) will be key to that.

“The other thing we’re very focused on is FedRAMP. So it’s our job to be able to, you know, get FedRAMP portable for these cloud resources. And there are gonna be more and more of these AI-related asks. So making sure that’s a streamlined process, so people can have access to tools is going to be important,” the administrator said.
