FedRamp – 4 Years Later – Approving Commercial Cloud Offerings

Co-sponsored by: ISSA-NOVA

Presented by Mr. Matt Goodrich, FedRAMP Director & Michael Carter, Veris Group Service Lead

Thursday, September 15, 2016
5:30 PM – Networking and Dinner 6:30 – 8:00 PM – ISSA NOVA Announcements & Program 

FedRAMP has been operational for over 4 years now. Changes have been made along the way to clarify and streamline the process of approving commercial cloud offerings. The process now is greatly different from 2012. What’s changed? What’s on the horizon? Matt Goodrich (FedRAMP Director) and Michael Carter (Veris Group 3PAO Service Lead) will break down these questions and provide a Q&A for anything related to the program. 
Matt Goodrich is the Director for the Federal Risk and Authorization Management Program (FedRAMP) in GSA’s Office of Citizen Services and Innovative Technologies. 

Matt has worked on FedRAMP as part of the Federal Cloud Computing Initiative since August of 2009. In this role, he manages the FedRAMP Program Management Office and sets the overall direction of the program. As a mandatory Federal-wide initiative, FedRAMP is one of the leading cloud computing security programs paving the way for cloud adoption and ensuring the security of cloud computing solutions used by the US
Government. 

Matt has focused his career on removing the barriers to cloud adoption across the Federal government. He was part of the team that created the first government-wide cloud procurement vehicles through Apps.gov as well as the IaaS and cloud email BPAs at GSA. He authored two of the integral documents in the Administration’s push for cloud adoption. First, during his tenure at OMB, he was the key author of Security Authorization of Information Systems in Cloud Computing Environments which created the FedRAMP program. Second, he co-wrote Creating Effective Cloud Computing

Contracts for the Federal Government: Best Practices for Acquiring IT as a Service which provides guidance to agencies in how to procure cloud services and was published through the CIO and CAO Councils. 
Matt has been recognized for his efforts by receiving a Federal Computer Weekly Fed100 award in 2013, a GSA Administrator’s Award in 2014, and a FierceGovernmentIT Fierce15 Award in 2015. He began his career in the Federal government as a Presidential Management Fellow (PMF) in 2009. Matt has a BBA in Computer Information Systems from the University of Miami (FL) and a Juris Doctor from the University of Denver. 
Michael Carter is the 3PAO (third-party assessment organization) Service Lead for the Veris Group, which supports FedRAMP.  
   
As “cloud first” evolved from a federal aspiration to an actual practice, 2015 saw a surge of cloud service providers seeking authorization under the Federal Risk and Authorization Management Program (FedRAMP). Each one required a 3PAO in order to achieve compliance. For those cloud providers who have successfully navigated the FedRAMP program, Michael’s team has been involved in at least half of all FedRAMP-approved cloud offerings from either an advisory or an assessment perspective to date. He currently serves as the VP of Veris Group’s Governance, Risk, and Compliance practice where he is responsible for managing a team of security assessors, consultants, and engineers responsible for ensuring commercial cloud offerings are properly deployed, documented, and secured for Government use. 

A former government IT specialist himself, Michael has worked on FedRAMP since the program’s beginning, including serving as the Project Manager for the very first FedRAMP-approved Joint Authorization Board (JAB) Provisional Authorization (pATO) back in 2012. He collaborates closely with the FedRAMP PMO and DISA on possible process improvements and has established himself as a key resource for the government’s cloud security community. In April 2016, he received the Federal Computer Weekly Fed100 award for his support of the FedRAMP program. 

Agenda:

Thursday, September 15, 2016

5:30 PM – Networking and Dinner

6:30 – 8:00 PM – ISSA NOVA Announcements & Program

Location:
Bldg: Location: MITRE 1 Auditorium
7525 Colshire Drive
McLean, Virginia
22102