Vendors
The Risk Management Framework governs more than just proprietary government software, it applies to all commercial software used by the government. Software vendors play a critical role in government. To do wo, vendors can either work directly with agency Authorizing Officials or they can take advantage of programs like FedRAMP, which are designed to pre-approve security compliance for some or all aspects of their products. Oftentimes they will do both. We spoke to commercial vendors and found that the Framework leads to increased cost and uncertainty in the market. Many vendors do not want to, or cannot affort to work with the government at all. The Framework reduces overall competition, especially from small businesses and, for vendors who do work with the government, it slows the adoption of commercial technologies and prevents government from taking advantage of many advanced capabiliites.