Nov 10 2023

FedRAMP Evolves to Meet Government Cloud Technology Needs

Could interest in software-defined WAN lead more agencies to use the program?

The Federal Risk and Authorization Management Program will evolve to keep pace with technology, according to an Oct. 27 release of draft FedRAMP guidance from the Office of Management and Budget.

Agencies increasingly want to follow industry in implementing software-defined WAN (SD-WAN), which connects to the cloud more efficiently using software overlays, but it’s a nonstarter if a vendor isn’t FedRAMP authorized.

OMB established FedRAMP in 2011 to streamline the adoption of cloud products and services by vetting their security once and allowing agencies to reuse the resulting authorities to operate. Congress codified the program last year, and now OMB has issued a draft memo proposing updates to its vision, scope and governance structure in light of advances in federal cybersecurity and the commercial cloud marketplace.

Click here to learn more about optimizing your cloud connection.

Agencies Want FedRAMP-Authorized SD-WAN

Cisco Meraki sells cloud-managed equipment — switches, security devices, cameras and access points — and announced in May that its FedRAMP authorization was in process. The hope is that its networking products, including the MX security and SD-WAN solution, will achieve authorization by the end of this year or early next year.

Once FedRAMP authorization occurs, those products will likely receive more buy-in from agencies and from the Department of Defense, in particular.

To date, the government has been slow to adopt SD-WAN, but CDW has seen interest and demonstrated the technology several times over the past two months. Next up is a proof of concept for the Navy at one of CDW’s labs.

SD-WAN products such as Cisco Meraki’s are getting FedRAMP authorized at the perfect time to capitalize on federal demand for more effective cloud connectivity.

On Ramp Sidebar


FedRAMP Use Will Continue to Increase

DOD has specific security requirements that often go further than FedRAMP. Technologies facilitating the transfer of sensitive data must be air-gapped, isolated from unsecure networks including the public internet.

That means that cloud and SD-WAN technologies aren’t likely to be worked into its secure networks, but there is interest on the unsecure network side of DOD and among civilian agencies.

OMB’s FedRAMP guidance is also intended to encourage more agencies to take advantage of solutions under authority to operate status — which historically hasn’t happened, though reuse is on the rise. The FedRAMP Marketplace is a one-stop shop to see in-process and authorized solutions and services.

As the now-codified program continues to mature and more agencies seek out cloud-enabled technologies that meet federal security requirements, they’ll recognize what a useful tool FedRAMP is.

This article is part of FedTech’s CapITal blog series.

CapITal blog logo

Getty Images: Blankstock, JulPo cundra

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT