This Community Working Group will launch on:
Tuesday, April 8, 2025.
Details on how to participate will be posted shortly.
What You’ll Work On
In a world where FedRAMP is relying on automated validations to the greatest extent possible, simplifying the documentation and management requirements will require us to think innovatively about how we leverage existing commercial frameworks. To the greatest extent possible, we want FedRAMP to rely on existing best practices and commercial security frameworks.
Your focus in this working group will be to help us drive toward a world where agencies can easily understand how a company’s existing commercial security frameworks can be used to make risk-based decisions in lieu of creating new materials for FedRAMP. By examining leading industry security standards, the group will investigate opportunities to leverage commercial frameworks that can address some or all of the federal cloud security requirements without creating redundant compliance processes. The evaluation will focus on identifying frameworks with proven effectiveness, assessing their potential for direct application through a rigorous analysis of scalability, cloud environment adaptability, implementation simplicity, vendor-neutral design, and economic efficiency of adoption. It will also seek to understand any gaps between these frameworks and FedRAMP requirements so that any additional tasks are focused only on those requirements not already met.
The ultimate goal is to streamline the authorization pathway by implementing commercial security approaches and standards in lieu of government-unique compliance mechanisms.
Below is a list of activities to be accomplished by this CWG.
- Identify commercial standards that have a risk posture appropriate for federal use
- Identify gaps between commercial frameworks and current FISMA requirements
- Investigate automation potential in framework application
Target Audience
- Cloud Service Providers
- Agency security teams
- Cybersecurity experts
- Industry groups
- Commercial and community-driven security standard organizations
- Third Party Assessment Organizations
- FedRAMP advisors/consultants