Artificial Intelligence & Machine Learning
,
Cloud Security
,
Next-Generation Technologies & Secure Development
Framework Sets Stage for Agencies to Increasingly Adopt New, Modern Tech Solutions
The U.S. federal government unveiled a framework to help prioritize emerging technologies for Federal Risk Authorization Management Program approval, setting the stage for federal agencies to adopt new and modern tech solutions that promise greater security and efficiency in their operations.
See Also: Modern SaaS Security in an AI-driven World
The framework aims to prioritize the most critical cloud-relevant emerging technologies needed for use by federal agencies, according to a June 27 blog post published on the FedRAMP website. The post states that “not all ETs will be prioritized” and lists the initial priorities, including three generative AI capabilities: chat interfaces, code generation and debugging tools, and prompt-based image generators.
FedRAMP plans to maintain an annually updated and “evolving” list of prioritized emerging technologies, and eventually it will prioritize a fourth capability target of general-purpose API offerings that help facilitate the integration of the first three generative AI capabilities into federal systems.
The prioritization system will allow cloud service providers to move near the front of the line for the authorization review process, reducing overall wait times for them to kick off the review process. Accessing the emerging technology track should be fast and simple, according to FedRAMP, and a new governance process will define how the listed capabilities will be prioritized for “skip the line” access.
The program said it expects up to 12 cloud service offerings with AI-based capabilities to be prioritized under the new framework, including up to three that implement each of the three generative AI capabilities outlined in an executive order on the safe and secure development and use of AI.
The order tasks FedRAMP with prioritizing certain emerging technologies to help agencies rapidly adopt new technology innovations while maintaining strict standards for federal use. The initial prioritizations will include up to three cloud service offerings that include API-based services that implement any of the three initial generative AI capabilities outlined in the order.
“Agencies and industry will be able to submit ideas for additional capabilities to be authorized for future revisions,” the blog post says, adding that identified emerging technology capabilities can be either in a singular category such as generative AI or span multiple categories.
Under the new framework, cloud service providers will be required to work with their authorizing official and go through a “significant change request” process to include new emerging technology offerings in their authorization.