// THREAT DETECTION AND DATA PRIVACY TERM

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment and authorization for cloud products and services. It helps federal agencies confidently and securely adopt cloud technology from commercial providers.

FedRAMP — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

FedRAMP (Federal Risk and Authorization Management Program) is a mandatory U.S. government compliance framework that standardizes security for cloud computing products and services used by federal agencies, based on NIST SP 800-53 controls. Cloud Service Providers (CSPs) must obtain an Authorization to Operate (ATO) from either a specific agency or the Joint Authorization Board (JAB) to demonstrate adherence to these security requirements.

BACKGROUND

The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The US government describes FedRAMP as FISMA for the cloud.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • Federal Risk and Authorization Management Program
  • GovCloud Security
  • Federal Cloud Compliance
  • Agency ATO
  • JAB P-ATO
  • Government Cloud Authorization

USAGE NOTE

Achieving a FedRAMP 'Authorized' status is a prerequisite for any cloud service provider wanting to sell their cloud offerings to U.S. federal government agencies.

DEVELOPERS

Organizations developing technology related to FedRAMP.

  • General Services Administration (GSA)

    The U.S. federal agency that manages the FedRAMP program. The GSA's FedRAMP Program Management Office (PMO) sets the standards, accredits assessors, and manages the marketplace of authorized cloud products.

  • Amazon Web Services (AWS)

    A major cloud service provider that develops and maintains a large portfolio of FedRAMP-authorized services. They offer specific regions, like AWS GovCloud (US), designed to host sensitive data and regulated workloads for government customers.

  • Microsoft Azure

    A leading cloud platform that provides numerous FedRAMP-authorized services through its commercial and dedicated Azure Government cloud offerings, which are built to meet the specific needs of U.S. government agencies.

  • Google Cloud Platform (GCP)

    Offers a suite of cloud computing services that have achieved FedRAMP High and Moderate authorization. GCP develops secure infrastructure and platform services that enable government agencies to modernize their IT systems.

  • Coalfire

    An accredited Third Party Assessment Organization (3PAO) that performs independent security assessments of cloud service offerings. They develop the methodologies and technology to audit systems against the FedRAMP security framework.

  • Schellman

    A top-tier Third Party Assessment Organization (3PAO) specializing in FedRAMP assessments. They provide audit and certification services that are a critical part of the authorization process for cloud providers seeking to work with the federal government.

  • Anitian

    Develops a compliance automation platform that accelerates the FedRAMP authorization process. Their technology helps companies build, secure, and monitor a compliant environment in the cloud, streamlining documentation and security control implementation.

  • stackArmor

    Develops the ThreatAlert® ATO (Authority to Operate) Accelerator, a platform specifically designed to reduce the time and cost for software companies to achieve and maintain FedRAMP and other government compliance standards on AWS and Azure.

  • Salesforce

    A major Software-as-a-Service (SaaS) provider that has developed and operates the Salesforce Government Cloud Plus, a dedicated instance of its platform that has achieved a FedRAMP High Authority to Operate (ATO).

RELATED TERMS IN COMPLIANCE & PRIVACY