What is FedRAMP?
The acronym FedRAMP refers to the Federal Risk and Authorization Management Program. It is a US Government-wide program that standardizes the security assessment, authorization and continuous monitoring of “cloud-based products and services” used by US Federal agencies.
FedRAMP aims to ensure that Cloud Service Providers (CSPs) meet rigorous security standards before federal agencies can use their services. The program is based on existing NIST SP 800-53 security controls and includes four (4) impact levels, based on the sensitivity of data being handled:
- FedRAMP Low;
- FedRAMP Moderate;
- FedRAMP High; and
- FedRAMP Low Impact SaaS (LI-SaaS).
The FedRAMP authorization process involves a Third Party Assessment Organization (3PAO) audit, which evaluates the CSP’s FedRAMP compliance. Once authorized, US Federal agencies can leverage this approval, reducing duplication and speeding cloud adoption.