


Fast-Tracking the Future: FedRAMP’s Framework for Authorizing Emerging Technology
July 3, 2024
In response to the President’s Executive Order 14110 on the safe, secure, and trustworthy development and use of Artificial Intelligence (AI), FedRAMP is rolling out an innovative framework to prioritize emerging technologies (ETs) for FedRAMP authorization. This new framework will ensure the most critical cloud-relevant ETs are fast-tracked for use by federal agencies, creating a more efficient authorization process for critical technologies in the public sector.
What Are Emerging Technologies?
ETs refer to the latest advancements in the tech world, which include cutting-edge tools and systems that have significant potential to impact federal operations, particularly in cloud computing. The initial focus is on:
- Chat Interfaces: Chatbots powered by AI for improved user interaction.
- Code-Generation and Debugging Tools: AI-assisted tools to streamline coding processes and identify errors.
- Prompt-Based Image Generators: AI systems that create images based on user prompts.
How Will the Framework Work?
- Operational Framework for Prioritization
The new framework aims to streamline the authorization process for cloud service providers (CSPs) offering ET capabilities. Prioritization is limited to specific technology types and capabilities (as previously discussed), with no more than 3 ET capabilities evaluated at any time. The key takeaway is that once the target number of cloud service offerings (CSOs) for a particular ET is authorized, further prioritization for that capability is paused. Therefore, CSPs with relevant ET capabilities should apply promptly to avoid delays, as subsequent applications will return to the standard queue.
- Integration with Existing Processes
The good news is that there is no new authorization process. The prioritization will enhance, rather than replace, the existing FedRAMP authorization paths. This means that while CSPs with prioritized ET capabilities will be fast-tracked, they will still undergo the thorough review and validation against FedRAMP’s established security controls.
- Initial Targets and Scalability
FedRAMP will initially prioritize up to 12 CSOs: three each for the specified generative AI capabilities and APIs. Once the target number of authorized CSOs for each ET capability is reached, additional CSOs offering the same capabilities will revert to the standard review process.
However, FedRAMP recognizes the rapid pace of technological advancement and the need to continually evaluate and adapt its prioritization framework. The Board may approve additional rounds of prioritization based on demand, ensuring that federal agencies have access to the latest and most secure technologies.
Prioritization Process
The prioritization process resembles the previous FedRAMP JAB prioritization. CSPs aiming to expedite their ET capabilities through FedRAMP should:
- Nominate ETs: Coordinate with agencies and submit proposals for ET capabilities.
- Submit ET CSO Request: Complete and submit the necessary forms outlining how their offerings meet the ET criteria.
- Qualification and Queue Placement: Once approved, prioritized CSOs will move to the front of the review queue.
FedRAMP’s new framework is a game-changer. By prioritizing critical technologies and empowering agencies, this framework cuts through red tape. It builds on existing authorization processes for a smooth transition, empowers agencies to leverage cutting-edge AI safely and quickly, and ultimately expedites the use of these technologies to transform public services.
How Can KyberStorm Help?
Our tailored framework is crafted to thoroughly prepare CSOs for FedRAMP authorization and future compliance challenges. Drawing from extensive customer experience, we’ve identified the most significant pain points and developed a comprehensive solution that ensures a fully compliant environment while embedding robust practices. Our approach emphasizes transforming organizational culture to support new processes. CSPs working with us can expect:
- Fully compliant system architecture design
- Comprehensive and compliant documentation
- Personnel training for new roles
- New organizational processes aligned with FedRAMP requirements
- Continuous monitoring services for the first three months, extendable as needed
- Red team exercises to test and validate security measures