What is the Federal Risk and Authorization Management Program?

Federal Risk and Authorization Management Program (FedRAMP) Definition

The Federal Risk and Authorization Management Program (FedRAMP) is a program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services that are used by U.S. government agencies. FedRAMP was designed to help streamline the adoption of cloud products and ensure that the appropriate security measures are always in place.

What is FedRAMP PMO?

The FedRAMP Program Management Office (PMO) provides guidance to Cloud Service Providers (CSPs) and Third-Party Assessors (3PAOs) on how to deliver a high-quality authorization package.

*Source: https://www.fedramp.gov/faqs/

What is the difference between FedRAMP and NIST?

NIST provides standards and guidelines pertaining to risk management, information security, and privacy controls for information systems that are used by the U.S. federal government. FedRAMP uses NIST as part of its own framework to ensure that U.S. government agencies are using cloud services securely and efficiently.

What does FedRAMP certification mean?

Cloud service providers must demonstrate that their products meet FedRAMP compliance requirements in order to be certified or FedRAMP-authorized. To demonstrate compliance, they must:

  • Implement proper security controls
  • Complete a system security plan
  • Obtain review from a FedRAMP third-party assessment organization
  • Develop a plan of action to address any security weaknesses that are identified
  • Implement a program to continuously monitor any risks or vulnerabilities to the system

What does a FedRAMP authorization package consist of?

The FedRAMP authorization package consists of a System Security Plan that is prepared by the cloud service provider and a Security Assessment Plan, which is completed by a FedRAMP-approved third-party assessment organization.

*Source: https://blog.hootsuite.com/what-is-fedramp/
