Please visit www.FedRAMP.gov for additional information on FedRAMP.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.
On December 8, 2011, the Office of Management and Budget (OMB) released a memorandum to Chief Information Officers regarding security authorizations of information systems in the cloud computing environments. The memorandum:
- Establishes Federal policy for the protection of Federal information in cloud services
- Describes the key components of FedRAMP and its operational capabilities
- Defines Executive department and agency responsibilities in developing, implementing, operating and maintaining FedRAMP
- Defines the requirements for Executive departments and agencies using FedRAMP in the acquisition of cloud services
- FedRAMP Security Controls - The baseline controls required for FedRAMP security assessments and authorizations.
- FedRAMP CONOPS - The FedRAMP Program Management Office's Concept of Operations for FedRAMP
- FedRAMP JAB Charter - The Joint Authorization Board's Charter detailing roles and responsibilities and governance.
- OMB Policy Memo – OMB policy guidance on issues affecting FedRAMP
- FedRAMP FAQs – provides answers to most questions about FedRAMP