Federal Risk and Authorization Management Program (FedRAMP)
General Overview | Vendor and Service Provider Information | Press Inquiries
FedRAMP Introduction
The Federal Risk and Authorization Management Program or FedRAMP has been established to provide a standard approach to Assessing and Authorizing (A&A) cloud computing services and products. FedRAMP allows joint authorizations and continuous security monitoring services for Government and Commercial cloud computing systems intended for multi-agency use. Joint authorization of cloud providers results in a common security risk model that can be leveraged across the Federal Government. The use of this common security risk model provides a consistent baseline for Cloud based technologies. This common baseline ensures that the benefits of cloud-based technologies are effectively integrated across the various cloud computing solutions currently proposed within the government. The risk model will also enable the government to "approve once, and use often" by ensuring multiple agencies gain the benefit and insight of the FedRAMP's Authorization and access to service provider’s authorization packages.
FedRAMP Q&A Sessions
FedRAMP briefings were held at GSA during the week of November 15. In order to view the slide deck presented at these briefings, please click here.
FedRAMP Comments Period
GSA in coordination with the CIO Council posted the Proposed Security Assessment and Authorization for U.S. Government Cloud Computing for government and industry comment, as well as the reference documents referred to in the main document. Proposed Security Assessment and Authorization for U.S. Government Cloud Computing (The comment period is now closed.) Download the Full Document Download the document by section:
- Executive Summary
- Chapter 1: Cloud Computing Security Requirements Baseline
- Chapter 2: Continuous Monitoring
- Chapter 3: Potential Assessment and Authorization Approach
Reference Documents:
As of January, 17, 2010, The comment period has ended. A joint tiger team of representatives from across government will review the comments for inclusion and update in the final documents. The first phase of FedRAMP is expected to be operational first quarter CY2011. If you have any questions, please email fedramp@gsa.gov.
Press Inquiries
Press inquiries should be directed to Sara Merriam, GSA’s Press Secretary, at 202-501-9139.