Should FedRAMP Be Re-Envisioned in the Age of AI?

Government’s Concept of AI Has Evolved for the Better

Agencies’ biggest challenge with AI has always been applying industry use cases to their individual missions and scoping them into a contract that would be readily adopted, said Sam Navarro, strategic account executive for health IT at Microsoft.

Fortunately, the government’s concept of AI has also matured from it simply being used as large language models to becoming a capability, where an LLM is one part of the larger solution. This allows agencies to better understand their cybersecurity, compliance and pricing needs and then compare their desired capability with what is being proposed by vendors, said Navarro, who was formerly director of client experiences at Technology Transformation Services.

Agencies may still find automation or analytics tools lacking AI are sufficient, depending on the use case. When AI is preferred, agencies flush with legacy technologies need to carefully introduce it workload by workload to avoid suboptimization, said Daniel Chenok, executive director of the IBM Center for The Business of Government.

The 2024 Federal Agency AI Use Case Inventory released in December contains 2,133 use cases across civilian agencies. Reasons that number isn’t higher vary including data readiness, AI skills and tools, and public and private sector maturity, Rathod said.

Still, with AI rapidly evolving, agencies’ progress adopting the technology is likely to improve in a few months, he said.

Looking for a Small AI Use Case? Start With a Cloud Solution.

An agency’s purchase of AI should never be based on fear of missing out. Thoughtful implementation and organizational readiness remain important considerations, Rathod said.

Agencies should begin with a small AI use case and see what works. Cloud solutions are often great places to start because many now include AI tools such as Microsoft’s Information Assistant, which curates system data within an enclave and is often more cost-efficient and effective than deploying a chatbot, Navarro said.

“The beauty of a simple use case like that is the simplicity offers the ability to scale, and once you create that scalability, that becomes somewhat of a template — becomes a great story to tell,” Rathod said. “It’s something that people can rally behind.”

Agencies still need to verify that any AI vendors they choose to work with have a robust cyber platform around the technology, as well a comprehensive data management policy and ethics program or board ensuring privacy protection, transparency and explainability, said Chenok, who previously served as branch chief of the Office of Management and Budget.

Canada went so far as to put together a blanket purchase agreement asking AI companies about their security strategies, data protection and ethics profiles. Only those vendors that received the government’s approval were allowed to do business with it, which could serve as a model for the U.S.

RELATED: Agencies need to lay the groundwork for artificial intelligence if they’re to succeed.

Build a “Second Team” of AI Experts

AI technical expertise is scarce in government, as evidenced by its search for talent, but private sector and academic experts present a source of free advice for agencies wrestling with AI problems. Just make sure to speak with multiple AI vendors, if your agency looks to the private sector route, to formulate an objective answer.

“In times of austerity like we’re seeing today, it’s very important for agencies to build what I call your second team,” Navarro said. “It’s your ability to reach into a group of experts and get an unbiased opinion on how to move forward with a capability or solution you’re thinking of.”