| 1 | | 11. Evaluate OMB Memoranda, CISA Binding Operational Directives, CISA Emergency Directives, and other federal mandates to determine authorities and applicability to FedRAMP. | 12. Evaluate AI and other emergency technology privacy and security requirements. | 9. Review Issues related to specific controls and recommend solutions. | 3. Propose specific improved guidance for 3PAOs (including cryptographic module validation, boundary guidance, third party integration, DNSSEC, and other specific controls). Research and suggest ways to grow and activate the 3PAO marketplace. | |
| 2 | | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 3. Propose specific improved guidance for 3PAOs (including cryptographic module validation, boundary guidance, third party integration, DNSSEC, and other specific controls). Research and suggest ways to grow and activate the 3PAO marketplace. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 14. Evaluate a minimum risk threshold / minimum acceptability standards for sponsoring agencies. | 11. Evaluate OMB Memoranda, CISA Binding Operational Directives, CISA Emergency Directives, and other federal mandates to determine authorities and applicability to FedRAMP. |
| 3 | | 14. Evaluate a minimum risk threshold / minimum acceptability standards for sponsoring agencies. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 12. Evaluate AI and other emergency technology privacy and security requirements. | 10. Propose recommendations for an ATO decomposition strategy for efficient inter-agency reuse. | 15. Evaluate a FedRAMP status for CSP offerings that are likely only to be used by one agency. |
| 4 | | 14. Evaluate a minimum risk threshold / minimum acceptability standards for sponsoring agencies. | 7. Consider meaningful metrics for FedRAMP to use, including SLAs for different steps/methodologies to enable agile authorizations. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 9. Review Issues related to specific controls and recommend solutions. |
| 5 | | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 7. Consider meaningful metrics for FedRAMP to use, including SLAs for different steps/methodologies to enable agile authorizations. | 13. Evaluate and advocate for appropriate resources (combine with any of the priorities). | 14. Evaluate a minimum risk threshold / minimum acceptability standards for sponsoring agencies. |
| 6 | | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 11. Evaluate OMB Memoranda, CISA Binding Operational Directives, CISA Emergency Directives, and other federal mandates to determine authorities and applicability to FedRAMP. | 14. Evaluate a minimum risk threshold / minimum acceptability standards for sponsoring agencies. | 5. Evaluate implications from draft OMB FedRAMP memorandum and propose recommendations. |
| 7 | | 10. Propose recommendations for an ATO decomposition strategy for efficient inter-agency reuse. | 9. Review Issues related to specific controls and recommend solutions. | 11. Evaluate OMB Memoranda, CISA Binding Operational Directives, CISA Emergency Directives, and other federal mandates to determine authorities and applicability to FedRAMP. | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 12. Evaluate AI and other emergency technology privacy and security requirements. |
| 8 | | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 14. Evaluate a minimum risk threshold / minimum acceptability standards for sponsoring agencies. | 7. Consider meaningful metrics for FedRAMP to use, including SLAs for different steps/methodologies to enable agile authorizations. | |
| 9 | | 3. Propose specific improved guidance for 3PAOs (including cryptographic module validation, boundary guidance, third party integration, DNSSEC, and other specific controls). Research and suggest ways to grow and activate the 3PAO marketplace. | 12. Evaluate AI and other emergency technology privacy and security requirements. | 5. Evaluate implications from draft OMB FedRAMP memorandum and propose recommendations. | 13. Evaluate and advocate for appropriate resources (combine with any of the priorities). | 10. Propose recommendations for an ATO decomposition strategy for efficient inter-agency reuse. |
| 10 | | 12. Evaluate AI and other emergency technology privacy and security requirements. | 10. Propose recommendations for an ATO decomposition strategy for efficient inter-agency reuse. | 4. Consider whether FedRAMP should evaluate privacy requirements and BODS specific to AI or other emerging technologies. | 7. Consider meaningful metrics for FedRAMP to use, including SLAs for different steps/methodologies to enable agile authorizations. | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. |
| 11 | | 5. Evaluate implications from draft OMB FedRAMP memorandum and propose recommendations. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 7. Consider meaningful metrics for FedRAMP to use, including SLAs for different steps/methodologies to enable agile authorizations. | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. |
| 12 | | 1. Identify challenges and propose solutions around the barrier to entry for small businesses, 3PAOs, small & large agencies. | 6. Consider ways to expedite the certification process – explore agile authorizations and other potential cost reductions, both labor and financial. | 8. Propose recommendations on how to create and maintain a knowledge base from multi-stakeholders. | 12. Evaluate AI and other emergency technology privacy and security requirements. | 9. Review Issues related to specific controls and recommend solutions. |