Agency Roles & Responsibilities
- Leverage the FedRAMP PMO process and the JAB-approved FedRAMP security authorization requirements as a baseline when initiating, reviewing, granting and revoking security authorizations for cloud services
- Require cloud service providers to meet FedRAMP requirements via contractual provisions
- Identify and report annually on cloud services being used that do not meet FedRAMP requirements
- Assess, authorize and continuously monitor security controls that are the Agency’s responsibilities
For more detail on agency responsibilities, please refer to the FedRAMP Policy Memo, Concept of Operations, and details described here.
The complete FedRAMP template package can be accessed here:
FedRAMP templates can be individually viewed and downloaded here:
