惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
The GitHub Blog
The GitHub Blog
美团技术团队
Know Your Adversary
Know Your Adversary
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Register - Security
The Register - Security
Stack Overflow Blog
Stack Overflow Blog
Attack and Defense Labs
Attack and Defense Labs
G
Google Developers Blog
I
InfoQ
博客园 - 司徒正美
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
J
Java Code Geeks
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
S
Security Affairs
M
MIT News - Artificial intelligence
Simon Willison's Weblog
Simon Willison's Weblog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Tailwind CSS Blog
量子位
Vercel News
Vercel News
月光博客
月光博客
V
Vulnerabilities – Threatpost
N
News and Events Feed by Topic
Hugging Face - Blog
Hugging Face - Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LangChain Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
F
Full Disclosure
The Hacker News
The Hacker News
Hacker News: Ask HN
Hacker News: Ask HN
T
Tor Project blog
A
Arctic Wolf
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Forbes - Security
Forbes - Security
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
B
Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Y
Y Combinator Blog
GbyAI
GbyAI
B
Blog RSS Feed
V
Visual Studio Blog
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government
The Importance of FedRAMP for a FITARA 2.0
David Eppers · 2026-06-06 · via MeriTalk

By: David Epperson, Knox Systems Federal Advisory Board Member
Former Deputy CIO of the Executive Office of the President

First CIO & CISO of CISA

A new iteration of the Federal Information Technology Acquisition Reform Act, or FITARA 2.0, will be coming because the federal IT mission demands it. First passed in 2014, FITARA was designed to improve how federal agencies buy, manage and govern information technology. Over time, the FITARA Scorecard has become Congress’s primary oversight tool for assessing agency performance across IT management, modernization and cybersecurity. While the scorecard has evolved over the past decade, a more substantial refresh is needed to keep pace with cloud adoption, cybersecurity risk and the rise of artificial intelligence.

One of the most important reasons to pass FITARA 2.0 is to update the criteria the scorecard assesses so they are less subjective and more tangibly measurable. While its domains incorporate cost, schedule, performance and cybersecurity data, some areas still depend too heavily on process maturity and subjective risk characterization. In an era of escalating cyber threats and rapidly emerging AI systems, that is no longer sufficient.

Historically, scorecard methodologies and authorization processes have often emphasized documentation, procedure maturity and reported compliance status more than continuous, objective measurement of whether risk is actually being reduced. That gap matters. The next generation of oversight should move beyond subjective risk characterization and toward evidence-based validation, measurable control performance and continuous monitoring. This is especially important with emergent artificial intelligence technologies that lack deterministic reliability.

A Critical New Domain

Growing federal adoption of AI obliges its inclusion in any updated FITARA scorecard. Among other criteria, the scorecard will need to measure attributes such as AI accuracy, robustness, level of drift and level of bias. It will also need metrics for explainability of results, which, although harder to define, is essential for enabling confidence in an AI system’s output. That is especially relevant for agentic AI, as the government looks to adopt it for tasks traditionally performed by entry-level personnel in the name of cost reduction and mission acceleration.

A successful model for government purposes will be based on the use case to which it is applied. For example, the Federal Emergency Management Agency might value lack of bias higher than raw accuracy to help ensure emergency supplies are not distributed inequitably during a crisis. Given the nature of AI models, prioritizing bias reduction may create some minimal tradeoff with other criteria, such as accuracy. Alternatively, the Department of War would undoubtedly prioritize high accuracy to ensure any intended military targets are absolutely correct.

Whatever the use case, engendering agency trust in a model will require objective third-party validation by a new group of qualified validating organizations, likely outside of government. Because those organizations may touch highly sensitive data, the tools they use will need to meet rigorous federal cloud security requirements, often including FedRAMP Moderate or High authorization or certification, depending on the sensitivity of the data and mission. Without FedRAMP authorization or certification at the appropriate impact level, a validating entity will struggle to gain the confidence and trust of model developers or their agency customers.

Accelerating Delivery While Ensuring Security

The prospect of pursuing FedRAMP authorization can be intimidating. Since its inception, achieving authorization has often involved an expensive and lengthy process. While very large companies can sustain the effort, smaller companies often find the financial burden and years-long timeframe prohibitive. Because many authorization paths have required agency sponsorship and an associated level of effort, agency investment has also been required. For example, dedicating headcount previously designated for different projects, or contracting for outside help, can quickly cost an agency hundreds of thousands of unbudgeted dollars and lost bandwidth.

New mechanisms are becoming available to help address these challenges. Last year, GSA’s FedRAMP office introduced FedRAMP 20x, a cloud-native, automation-focused approach that uses Key Security Indicators and machine-readable evidence to accelerate authorization. The initial phase focused on Low authorizations and did not require an agency sponsor, with later phases intended to expand the model. While FedRAMP 20x is a valuable modernization path, questions remain about how consistently KSI evidence will be generated, validated and compared across providers as the model scales beyond the initial pilot phases.

An alternative is the landing zone model, a commercial platform-as-a-service where SaaS providers can deploy their applications into a pre-FedRAMP authorized cloud boundary, inheriting existing, approved security controls and authority to operate instead of having to recreate them. Integrated automation enables continuous environmental monitoring and validation to sustain compliance. This model enables both speed to mission for federal agencies and speed to market for SaaS providers, removing the sponsorship requirement while ensuring the highest levels of security. It is a cost-effective, highly streamlined option that can save providers years of time and millions of dollars.

Landing zones will not only quickly increase the number of secure SaaS applications available for mission support, they will also ensure that organizations validating FITARA 2.0 compliance have innovative, reliable and trustworthy tools to do so. In an environment where modernization and speed are imperative, this innovative approach will advance both without compromising security.