FedRAMP (The Federal Risk and Authorization Management Program) is a government-wide program that aims to offer agencies a standard approach to IT security, authorization, and ongoing monitoring for cloud products and services.
It’s the federal government’s gateway into secure cloud computing. Since the administration implemented the “Cloud First” policy, some agencies have found it tough to move critical IT systems due to security and high costs.
FedRAMP helps these agencies by providing 3 things:
- Rigorous security authorizations
- Improved real-time security through continuous monitoring
- Increased quality of the Federal security authorization process
Additionally, FedRAMP reuses existing processes and saves cost, time, and resources with a “do once, use many times” approach. It’s a much more efficient and more secure method for agencies to adopt cloud solutions, and is the centerpiece of a more transparent security assessment methodology across the federal government.
FedRAMP launched in June 2012 and is currently in its initial phases. We aim to provide these Cloud Service Providers (CSP) with the official “Ability to Operate” – which demonstrates to agencies that a CSP meets the FedRAMP requirements and is approved for federal government use.
Authorizations and 3PAO Accreditation
Provisional authorizations of cloud providers result in a common security risk model that all federal agencies can use, ensuring a consistent standard for these cloud-based technologies. In order to obtain a provisional authorization, the CSPs must meet the FedRAMP requirements through testing and documentation. In order to achieve this, CSPs usually hire “Third Party Assessment Organizations” to review their compliance documents for compliance and to ensure independence and fairness.
Since we’ve launched, FedRAMP has focused on preparing and walking CSPs through the entire process. The program hosted a webinar series to help clarify CSP roles and responsibilities during the process. In addition, FedRAMP is hosting documentation training sessions for CSPs which will answer any questions regarding FedRAMP templates and documents.
To date, more than 80 CSPs have applied to FedRAMP. In December, FedRAMP granted its first provisional authorization and there are plans to issue more in the upcoming months.