What It Is

PMBOK® Guide – Eighth Edition, published by the Project Management Institute (PMI), is a comprehensive global framework for project management. It codifies principles, performance domains, processes, and practices to deliver value through projects. The approach emphasizes tailoring to context, blending principles-led mindset with non-prescriptive process guidance.

Key Components

• **Six core principlesHolistic view, value focus, quality, accountable leadership, sustainability, empowered teams.
• **Seven performance domainsGovernance, stakeholders, scope, schedule, finance, resources, risk.
• Legacy elements: Five process groups and ten knowledge areas.
• No formal certification for the guide; aligns with PMP® credentialing.

Why Organizations Use It

Drives predictability, reduces overruns, aligns projects to strategy. Mitigates contractual, audit, reputational risks. Enables hybrid delivery, competitive differentiation, stakeholder trust via standardized language and metrics like EVM.

Implementation Overview

Phased framework: alignment, gap analysis, tailoring, training, pilots, rollout, continuous improvement. Applies to all sizes/industries; tools like PMIS essential. Focuses on OPM3 maturity model for sustained capability.

What It Is

FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide framework standardizing security assessment, authorization, and continuous monitoring for cloud services used by federal agencies. Its primary purpose is enabling "assess once, use many times" to reduce duplication, based on risk-based NIST SP 800-53 controls aligned with FIPS 199 impact levels.

Key Components

• Baselines for Low (~156 controls), Moderate (~323), High (~410), plus LI-SaaS for low-risk SaaS.
• Core artifacts: SSP, SAR, POA&M, continuous monitoring plans.
• Built on NIST SP 800-53 Rev 5; requires 3PAO assessments.
• Authorization paths: Agency or Program ATOs.

Why Organizations Use It

• Unlocks federal contracts (e.g., $20M+ opportunities).
• Meets OMB mandates for agencies using cloud.
• Enhances risk management and CMMC compliance.
• Builds trust as a security badge for commercial sales.

Implementation Overview

• 12-18 month process: categorization, documentation, 3PAO assessment, remediation.
• Targets CSPs; high complexity for federal market entry.
• Requires audits, ongoing quarterly/annual monitoring. (178 words)