ABOUT FEDRAMP
FEDRAMP OVERVIEW
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
FedRAMP Ready is a milestone step that ensures that a cloud service provider’s (CSP) documentation meets the FedRAMP Program Management Office’s (PMO) minimum quality and security standards. CSPs must pass an initial review of their system security plan (SSP) before being listed as FedRAMP Ready on fedramp.gov.
Key processes of FedRAMP are:
- Security Assessment: The security assessment process uses a standardized set of requirements in accordance with FISMA, using a baseline set of NIST 800-53 controls, to grant security authorizations
- Leveraging and Authorization: Federal agencies view security authorization packages in the FedRAMP repository and leverage the security authorization packages to grant security authorization at their own agency
- Ongoing Assessment & Authorization: Once authorization is granted, ongoing assessment and authorization activities must be completed to maintain security authorization
FedRAMP goals include:
- Accelerate the adoption of secure cloud solutions
- Achieve consistent security authorizations using a baseline set of agreed-upon standards to be used for cloud product approval
- Ensure consistent application of existing security practice
- Increase automation and near real-time data for continuous monitoring
FedRAMP benefits include:
- Increase re-use of existing security assessments across agencies
- Improve real-time security visibility
- Provide a uniform approach to risk-based management
- Improve the trustworthiness, reliability, consistency, and quality of the federal security authorization process
To learn more, visit the FedRAMP website.