FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.
FedRAMP was established on December 8, 2011 via an official memorandum from the Federal Chief Information Officer to all agency CIOs. FedRAMP will achieve initial operating capability within 180 days.
| PROGRAM GOALS |
PROGRAM BENEFITS |
- Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
- Increase confidence in security of cloud solutions
- Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP
- Ensure consistent application of existing security practices
- Increase confidence in security assessments
- Increase automation and near real-time data for continuous monitoring
|
- Increases re-use of existing security assessments across agencies
- Saves significant cost, time and resources – "do once, use many times"
- Improves real-time security visibility
- Provides a uniform approach to risk-based management
- Enhances transparency between government and cloud service providers (CSPs)
- Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process
|
