Comment by 0xbadcafebee
18 hours ago
Technically you could already win contracts without all those things, there are like a thousand loopholes. FedRAMP in particular only really covers cloud hosting, there are other DoD standards you have to follow for more specific systems. And if the agency isn't DoD, I don't think they apply anyway.
If we had a software building code that applied to digital infrastructure in general, the way building codes apply to buildings in general, and electrical codes apply to electrical installation in general, this wouldn't be an issue, because you'd need your shit together to make any software product. But nobody seems to mind companies making shit products and leaking all our data.