The federal government FedRAMP program will not allow for any additional 3PAO’s to join the already approved 16 independent testing firms after March 25, 2013. The application process will be closed March 25th, and companies already in the process will not be able to resubmit any changes to their applications.
These approved 3PAO’s are in place to review if the potential cloud providers, which want to offer their services to the government, meet the FedRAMP requirements. The 3PAO’s are responsible for saving the federal government an average $200,000 per cloud deployment by helping with the FedRAMP certification process. The pause to the vetting process is a result of the federal government’s desire to outsource the process.
In an email sent by Jackeline Stewart, a spokeswoman for the General Services Administration, the planned privatization of the "accreditation function will result in a pause in accepting new applications." She also added the length of the hiatus depends on the time it takes to evaluate fair competition and then shift responsibilities. The target time to have the process back up and running is Fall 2013.
Mike Hettinger, Public Sector Director for the Software and Information Industry Association, said "We have continually encouraged GSA to make sure that the FedRAMP program has enough bandwidth to handle the cloud service providers who want to go through the process. If, by privatizing, that will ensure enough bandwidth to go through the process, I am encouraged.” Hettinger continued to say, “I'm a little concerned about the gap between when GSA stops accepting third-party assessors and the fall when the private sector accreditation organization will be established. Having a gap probably has the potential to slow down the process."