Definition
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services. Established in 2011, FedRAMP enables federal agencies to use modern cloud technologies while ensuring consistent security. Cloud Service Providers (CSPs) seeking to sell to federal agencies must obtain FedRAMP authorization through either an Agency Authorization (sponsored by a specific agency) or Joint Authorization Board (JAB) authorization. FedRAMP uses three impact levels (Low, Moderate, and High) based on FIPS 199 security categorization. Authorization requires comprehensive security documentation, third-party assessment by an accredited 3PAO, and ongoing continuous monitoring. The FedRAMP Marketplace lists authorized cloud services.
Also Known As
- FedRAMP Authorized
- FedRAMP Certification
Common Mistakes to Avoid
- Underestimating the time and cost required for FedRAMP authorization (typically 12-18 months)
- Not choosing the appropriate impact level for the data being processed
- Assuming SOC 2 or other commercial certifications substitute for FedRAMP
Who Should Know This Term
Cloud service providers, federal IT buyers, cybersecurity teams, SaaS vendors
Official Source
FedRAMP PMO