The Federal Government’s Secure Cloud Computing Validation Program establishes a new operational framework that prioritizes the integration of emerging technologies into federal agency operations.
The Federal Risk and Authorization Management Program’s Emerging Technology Prioritization Framework, released June 27, provides guidance to the public and private sectors on how FedRAMP can work to identify emerging technologies to focus on implementing and how cloud providers can request priority for their products that use emerging technologies.
The new framework will first be applied to AI products and technologies, with a focus on chat interfaces, code generators and debugging tools, image generators, and their associated APIs.
To align the growing demand for automation in public sector operations with existing FedRAMP requirements, the framework will begin prioritizing up to three cloud service offerings per capability, meaning up to 12 AI-based offerings could be prioritized. If an emerging cloud technology system is identified as a priority, FedRAMP will work to accelerate agency adoption and use.
“The framework is designed to accelerate the inclusion of emerging technologies in the FedRAMP marketplace, so agencies can more easily use modern tools to accomplish their missions,” according to a blog post about the framework’s release.
This final framework was preceded by a draft released in January. According to the General Services Administration, which administers FedRAMP, comments on that draft resulted in one major change: how to analyze whether a particular service qualifies as generative AI. To effectively classify an AI-powered cloud service, a provider would need to provide public links to industry-standard “model cards,” or descriptions of how the underlying AI models are leveraged in a digital system.
Part of this change was due to the lack of adequate standards to standardize the performance and architecture of emerging technology systems.
“FedRAMP will use the information on the model cards to verify whether the AI ​​being used is the type of capability advertised,” the agency said. “The purpose of collecting this information is not to evaluate the performance of the AI ​​capability, but rather whether the capability being displayed is the capability intended for priority.”
With the launch of the new framework, FedRAMP will only accept applications for this priority twice during a fiscal year.
GSA is modernizing FedRAMP licensing processes to meet the growing demand for cloud services, including work in late 2023 to leverage automation to help expedite vendor licensing backlogs.
GSA Administrator Robin Carnahan told Nextgov/FCW in June that the agency was experimenting with a variety of AI technologies to improve internal workflows. She added that the agency plans to create an AI advisory committee to understand whether and how the agency’s needs can be improved by adopting AI technology.
