FedRAMP is undergoing a major overhaul, shifting from a rigid, government-driven model to one that prioritizes industry collaboration and continuous validation, Federal News Network reports.
Speaking at an industry event, FedRAMP Director Pete Waterman announced the launch of “FedRAMP 2025,” calling on cloud providers to develop security innovations while the government sets standards.
“You bring the solutions, we’ll vet them with agencies and set standards to match,” Waterman said.
The initiative aims to replace outdated checklist-based compliance with automated security verification and key security indicators. To support this shift, FedRAMP is launching working groups on continuous monitoring, automation, and framework application. Waterman acknowledged that the government does not have all the answers but emphasized a community-driven approach.
“If the approach is reasonable and the outcome is legit, we’ll validate the approach, any approach,” he stated. The program will use GitHub for transparency and collaboration as it moves toward a more dynamic security model.
