When it comes to deploying secure artificial intelligence capabilities, the General Services Administration is committed to keeping the government abreast.
The draft Emerging Technology Framework for Cloud Security Program, known as FedRAMP, could be an important part of that effort, especially if industry and government agencies help advance new approaches.
Eric Mill, cloud strategy director for GSA's Technology Transformation Services, said the draft, which will be submitted for comment on March 11, is expected to help agencies use secure AI and large-scale language models. He said it helps ensure profits are made.
“This is strategically important to the program because what we're doing here is prioritizing efforts that are aligned with FedRAMP's strategic goals for the government.” This is just a first-in, first-out program. Not. We are slowly laying the groundwork for this program,” Mir said on Ask the CIO. “That's something we think is a good thing. When FedRAMP goes through the prioritization process, which is so important to what FedRAMP does, we make sure that it's well understood and that it's transparent to stakeholders. We need to make sure that it's gender-neutral, fair and clear. That's the foundation we're trying to build with this framework.”
GSA released a draft framework in late January as part of its efforts to meet the requirements of the AI executive order signed by President Joe Biden in October. GSA said in the document that it initially used large-scale language models (LLMs) and focused on emerging technology features such as chat interfaces, code generation and debugging tools, and prompt-based image generators.
Mill said the framework will help prioritize and manage the excitement around AI and LLM.
“How do we get the right balance? So how do we operationalize that? If we actually make this a priority and if that means we don't come up with things like limits, then how do we operationalize that? Why does that mean it won't?'' he said. “So, part of what we see in the framework is a proposal to stop at three. For example, there are three services based on chatbots using generative AI, and we prioritize those three. If so, I'm going to stop prioritizing it until I rethink what FedRAMP's priorities are, as they should be. FedRAMP is a program aimed at the entire cloud market, but we want to support this effort. So this is strategically important for thinking about how to answer the kinds of questions that aren't AI-specific at all.”
GSA manages backlog concerns
Prioritizing and limiting the number of cloud services is why GSA is asking vendors and others to comment on the draft framework, Mill said.
He acknowledged that restrictions, especially around AI, could cause heartburn for vendors. FedRAMP has already received a lot of interest from vendors and agencies alike for his AI and LLM services on the cloud.
“We are definitely seeing AI capabilities being added to services that are already on the market. We are seeing things coming in through the agency review process. We expect that to move up. '' said Mill. “We're not reacting to something abstract; we're reacting to what's actually in front of us.”
One of the big questions that GSA still must address is what metrics or benchmarks should be used to determine whether a technology falls into one of the three priority categories.
Mill said the GSA recognizes the potential for a larger backlog for more general cloud services as vendors that require AI capabilities to pass the vetting process build up a backlog. Ta.
“We are working hard to ensure that the urgency to accelerate government use of emerging technologies does not compete with others, lest it exacerbate the problem,” he said. Ta. “This is part of what we mean when we talk about the prioritization process and some of the limitations associated with it. This is ultimately how we keep our programs responsive. We are working diligently on short- and long-term structural changes to help us operate at the pace we need. We treat speed as a security property, and cloud providers and agencies believe in it as well. That's the spirit we should see. We'll have more to share later this year.”
Click here to learn more about FedRAMP
Mill said he could not discuss a timeline for releasing version 1 of the framework. He said GSA cannot be expected to leave comments and updates from comments for long. But he said it also depends on what people say about the framework and how much the GSA already gets right.
“I think we very much expect this to be an iterative process. This is not the only pain point in working with the FedRAMP team on this framework. I encourage everyone to feel free to reach out. They will be able to take a look at it and suggest how we can improve it,” he said. “We put a lot of effort into it [blog] Please post to clarify those questions. We strongly encourage everyone to read this announcement and this question. Chief among them is the question, “Are we measuring this correctly?” I think the concept of prioritization means making some hard choices somewhere. So when a government agency does that, we at least want to know that everyone understands why they're making that decision and what factors are involved in it. ”
In addition to finalizing the framework in the coming months, Mill said FedRAMP's other priorities are improving the customer experience for both agents and industry users and understanding the costs of obtaining approvals. Ta.
Mill said GSA is working to get vendors on the same page about the time and cost of going through the security process.
“What we think it requires is the same thing that cloud providers think is one of the exercises we're going to be working on this year. We plan to maintain a feedback loop and formalize our direction as a customer-oriented program in that way. ” he said. “I think you're going to see us working on it in a more public way, and maybe in a more tangible, mechanical sense. We value speed as a security property. We are very interested in identifying cloud providers who want to pilot different ways of working. We've never been more open-minded to experimenting with approaches, allowing us to focus our review energies on the process and on the items that everyone understands are most closely related. .For security.”
Of course, Mill said, once the draft memo from the Office of Management and Budget is complete, a whole new set of priorities will emerge.
“The energy and responsiveness that threads the eternal needle of speed, security, and all the other things that people want in a system where they want to hear where programs can change and what they can do better.” “I want everyone to see that there is a sense of sexuality,” he said. “It's not easy, but that's the whole work of the program. I think there's going to be a really good set of feedback opportunities throughout the year, not just with this emerging technology framework, but to improve these processes. I really recommend those who are going into it with spirit, and those who feel like picking up something that may have died on the vine a few years ago. But the past is the future. Let's not let that get in the way. I think there's never been a more open-minded time in the program than right now.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.
