About FedRAMP

FedRAMP is the result of close collaboration with cybersecurity and cloud experts from GSA, NIST, DHS, DOD, NSA, OMB, the Federal CIO Council and its working groups, as well as private industry. Addition information on the FedRAMP governance can be found here.

The FedRAMP assessment process is initiated by agencies or cloud service provider (CSPs) beginning a security authorization using the FedRAMP requirements which are FISMA compliant and based on the NIST 800-53 rev3 and initiating work with the FedRAMP PMO.

CSPs must implement the FedRAMP security requirements on their environment and hire a FedRAMP approved third party assessment organization (3PAO) to perform an independent assessment to audit the cloud system and provide a security assessment package for review.

The FedRAMP Joint Authorization Board (JAB) will review the security assessment package based on a prioritized approach and may grant a provisional authorization. Federal agencies can leverage CSP authorization packages for review when granting an agency Authority to Operate (ATO) saving time and money.

PROGRAM GOALS	PROGRAM BENEFITS
Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations Increase confidence in security of cloud solutions Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP Ensure consistent application of existing security practices Increase confidence in security assessments Increase automation and near real-time data for continuous monitoring	Increases re-use of existing security assessments across agencies Saves significant cost, time and resources – "do once, use many times" Improves real-time security visibility Provides a uniform approach to risk-based management Enhances transparency between government and cloud service providers (CSPs) Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process

PROGRAM GOALS

PROGRAM BENEFITS

Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
Increase confidence in security of cloud solutions
Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP
Ensure consistent application of existing security practices
Increase confidence in security assessments
Increase automation and near real-time data for continuous monitoring

Increases re-use of existing security assessments across agencies
Saves significant cost, time and resources – "do once, use many times"
Improves real-time security visibility
Provides a uniform approach to risk-based management
Enhances transparency between government and cloud service providers (CSPs)
Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process

BUILDINGS & REAL ESTATE

PRODUCTS & SERVICES

POLICY & REGULATIONS

PURCHASING PROGRAMS

REAL ESTATE SERVICES

HOW WE HELP

ABOUT GSA

NEWSROOM

About FedRAMP

Key Links

Key Documents

Contacts