Lessons Learned From The FedRAMP Authorization Process

07/22/2015 - 15:00-07/22/2015 - 15:45
Room D
Experience level: 
Session Track: 

Business and Strategy

The purpose of this track is two-fold - one angle helps you to understand the advantages of Drupal from an organizational leadership angle and the other is to highlight the great Drupal sites and projects you're working on and to show what's possible. These sessions are business focused, and will be non-technical.


In 2011, the U.S. government launched the Federal Risk and Authorization Management Program (FedRAMP) program.  This program was created to provide a standardized method of evaluating the risk and security of providers of cloud-based services to the Federal government.    Cloud Service Providers (CSPs) are now required to be authorized under the FedRAMP program in order to provide cloud-based offerings to the Federal government.

In 2014, the speaker's employer (BlackMesh) began the process of FedRAMP authorization, bringing the speaker on board to lead the FedRAMP authorization process.  FedRAMP authorization for their offering is expected to be granted to the organization less than 12 months after starting the process.  This talk will use a case study overview of the FedRAMP authorization process for BlackMesh to illustrate portions of the process that worked well, as well as challenges and lessons learned.

Additionally, this presentation will provide attendees with an introduction to the FedRAMP authorization process, including the following

  • General requirements for FedRAMP
  • Strategies for successful FedRAMP authorization
  • Organizations best suited for pursuing FedRAMP authorization