FedRAMP, Data.gov revamp just part of GSA office’s caseload

Dave McClure, associate administrator, and Kathy Conrad, principal deputy associate administrator, GSA's Office of Citizen Services and Innovative Technologies

Jack Moore | June 4, 2015 6:07 pm

The Office of Citizen Services and Innovative Technologies, within the General Services Administration, is relatively small by government standards.

But even with fewer than 100 employees, the office, which officials likened to an idea-generator for the government, carries out an extensive array of programs dealing with technology and customer service.

Last year, the office released its annual report — its first — which featured progress updates on everything from GSA’s online app marketplace to its mobile initiatives.

Dave McClure, the associate administrator in the OCSIT, and Kathy Conrad, the principal deputy associate administrator joined In Depth with Francis Rose to discuss the work the office does and the progress on cloud-computing security standards in particular.

Dave McClure and Kathy Conrad in the Federal News Radio studio.

McClure said the need for accountability and transparency — as well as a desire to show return on investment — helped drive the release of the first annual report.

“The feedback has been:’ I didn’t your office did all these things,'” McClure said. “So, in many ways it really educates both inside and outside of government what this office really does.”

Data.gov aims for ‘vibrant’ sets

Given its governmentwide focus, office is particularly interested in initiatives that impact across agencies. Conrad cited the launch of BusinessUSA.gov, an online portal developed with the Commerce Department and Small Business Administration and designed to be a “one-stop shop” for businesses to navigate the federal sphere.

Conrad also touted Data.gov “communities” — federal datasets organized by topic, such as education or energy, which she likened to a “treasury trove” of federal data.

“You have the mechanism to not only make data available, but then give people a mechanism to find impact from it,” Conrad said. “So, we’re seeing that community concept really taking off in a broad sense because it’s a way to bring together both the people who have the data with those who could use it.”

McClure said that fits with the agency’s goal of shifting from thinking of Data.gov as a simple repository of information to a “vibrant, active set of information and data that customers can come in — whether it’s an organization, a citizen, a business, academics, software developers — and actually mine it very fast.”

Agency taking its time on FedRAMP

Also high on the list of the agency’s accomplishments is the Federal Risk and Authorization Management Program, or FedRAMP, the effort to create a governmentwide process for securing and cloud-computing solutions.

McClure said the office has been working on the guidelines for about two years. It took a while, he acknowledged to develop consensus for the security standards and a baseline set of controls from all government stakeholders — civilian, defense and intelligence.

“It took us, probably, longer than we wanted, but rather than rush, you better get it right,” McClure said, “so we have taken some extra time to do that.”

The last six months has been consumed with creating the actual infrastructure to eventually run FedRAMP as a program, McClure said. And that slow launch will continue over the next couple of years.

Between now and fiscal-year 2014, GSA will “gradually roll FedRAMP out,” McClure said. “It’s not a turn the spigot on, let the water flow freely (process).”

GSA plans to release its first list of third-party assessors that have been accredited by FedRAMP in April, Conrad added. Following that, GSA will make awards for governmentwide email solutions.

By the second quarter of 2013, GSA will open up the process to more “prioritized solutions that have governmentwide impact,” McClure said. By 2014, GSA aims for FedRAMP to be a “fully operational, sustainable set of activities”

But there’s still a long process ahead and GSA “won’t get there overnight,” McClure added. “We’re going to take our time in getting there.”


FedRAMP eases vendors’ path to offer secure cloud services

FedRAMP includes 168 security controls

What does finalized FedRAMP plan mean for industry?

New FedRAMP standards first step to secure cloud computing