Community Working Groups will launch soon!

FedRAMP’s Community Working Groups

FedRAMP is establishing Community Working Groups to provide the public with an opportunity to engage directly with FedRAMP experts and other public participants working on shared goals to create innovative solutions that meet FedRAMP standards and policies.

These groups will serve two primary purposes:

1. Ensure FedRAMP has direct insight into community activities, goals, achievements, best practices, etc. in specific areas to inform creation of standards and policies prior to their formal development.

2. Ensure that FedRAMP stakeholders have equal public access to information from FedRAMP and an open forum and semi-structured opportunities to work towards shared goals in different and innovative ways.

FedRAMP is launching four working groups focused on key efforts related to FedRAMP 20x. They are focused on driving collaboration on shared goals and continuously driving industry discussion on best practices and implementation methods.

• Rev 5 Continuous Monitoring: Launch: March 31, 2025
• Automating Assessments: Launch: April 2, 2025
• Applying Existing Frameworks: Launch: April 8, 2025
• Continuous Reporting: Launch: April 10, 2025

How We’ll Work Together

FedRAMP will in effect sponsor and host the working group to provide a neutral space for contributors and information sharing but will not direct any work.

PMO participants will have two roles in the working group:

• Community working group managers are PMO participants responsible for administrative tasks and connective tissue. They will:

  • Provide general working group facilitation, ensuring folks stay on track with the agenda, and that everyone is able to participate appropriately.
  • Schedule meetings and post a public calendar, ensure agendas are developed, the meeting platform works appropriately, and notes are captured and posted.
  • Occasionally pose questions to the group in a way that is clearly designed to spark general discussion around a topic to see individual opinions and responses.

• FedRAMP Advocates are PMO participants engaging with the CWGs and advocating for FedRAMP in them, with a focus on technical content. They will:

  • Answer questions related to how FedRAMP’s standards and policies can best be informed by the activities performed in the working group.
  • Clarify FedRAMP’s goals and objectives related to the development of standards and policies.
  • Share public prototypes, examples, sample code, etc. developed by FedRAMP to be placed in the public domain.
  • Contribute to the development of additional public prototypes, examples, sample code, etc. developed by participants of the working group where that work is public and contributions will remain in the public domain.

Industry participants may choose to work in whatever fashion they choose, in public or in private. All activities proposed by FedRAMP will be informative, optional, and held in public.

How We’ll Communicate

FedRAMP will create a public GitHub repository for shared work products. This repository will serve as a communication hub and documentation repository, and will be a space for the working group to advance work products between meetings.

Community working groups will meet regularly to discuss progress against objectives and hold discussions to advance work products. All working group meetings will be held using Zoom, meeting schedules will be posted on public GitHub repos.

• Rev 5 Continuous Monitoring: Launch: March 31, 2025
• Automating Assessments: Launch: April 2, 2025
• Applying Existing Frameworks: Launch: April 8, 2025
• Continuous Reporting: Launch: April 10, 2025

How To Participate

How to sign up and join our meetings

• No sign up! You can find the invites to each community working group meeting in each working group’s GitHub repository in the README.md in a .ics format, so you can add it to your calendar as you see fit. Come as you please, all are welcome (although certain working groups are better suited for different areas of expertise).

How to participate and provide input asynchronously

• We encourage all participation to take place in public, to maintain transparency and trust between participants. Therefore, we will be using GitHub. If you have private concerns or feedback, reach out to info@fedramp.gov.

• Each working group has a main GitHub repository:

  • Rev 5 Continuous Monitoring: Launch: March 31, 2025
  • Automating Assessments: Launch: April 2, 2025
  • Applying Existing Frameworks: Launch: April 8, 2025
  • Continuous Reporting: Launch: April 10, 2025
• The project board and issues will be used to track goals and agendas.
• Major decisions that take place during the CWG live meetings will have a discussion assigned to them in GitHub, so that other parties can weigh in asynchronously.
• Deliverables, decision records, etc. will go through a PR process, wherein participants may review and provide feedback.