Federal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP) is a U.S. federal program that mandates a standardized approach to security assessments, authorization, and continuous monitoring of cloud products and services.
- Not a law
- Defines rules for government agencies contracting with cloud providers
- Applies to:
  - Cloud platform providers (e.g. AWS)
  - Companies providing cloud-based SaaS tools
- FedRAMP certification can be very costly and difficult to achieve
- Run by the U.S. General Services Administration (GSA)
- A list of FedRAMP-certified cloud services is available at: https://marketplace.fedramp.gov
Requirements
FedRAMP requires only a single authority to operate (ATO), which allows an organization to do business with any number of federal agencies.
- The FedRAMP ATO is significantly broader, and thus more stringent, than FISMA's.