What is FedRAMP Compliance?

The Federal Risk and Authorization Management Program, or FedRAMP for short, is a standardized security assessment and authorization program for all cloud products and services used by federal government agencies. Introduced in 2012, FedRAMP was developed in response to the increased use of cloud computing by large-scale businesses and corporations around the U.S. FedRAMP was developed in accordance with the Federal Information Security Modernization Act of 2014, or FISMA 2014, as one of the many measures taken by the federal government to update its technological infrastructure.

FedRAMP is mandatory for all US federal agencies and any cloud computing services that these entities may employ. To this end, FedRAMP is governed by the Office of Management and Budget (OMB), the US General Services Administration (GSA), the US Department of Homeland Security (DHS), the US Department of Defense (DoD), the National Institute of Standards & Technology (NIST), and the Federal Chief Information Officers (CIO) Council. FedRAMP is important for federal agencies for the following reasons:

What are the requirements for FedRAMP compliance?

Under FedRAMP, federal agencies that use cloud computing solutions in the course of their duties and operations are obliged to conduct security assessments and authorizations, and to maintain continuous monitoring of the related cloud services. To this end, the FedRAMP Program Management Office (PMO) has set forth the following requirements that federal agencies must comply with:

What are the two types of FedRAMP compliance?

Federal agencies that are looking to achieve FedRAMP compliance with respect to their cloud service providers can follow one of the following two pathways:

Irrespective of the pathway that a particular government agency takes toward FedRAMP compliance, FedRAMP authorization involves the following four steps:

As online technology continues to change the ways in which employees go about their day-to-day job functions, regulations such as FedRAMP are more important than ever before. In accordance with FISMA 2014, FedRAMP is one way in which the U.S. government has sought to modernize its technological framework. As websites used by federal agencies will undoubtedly have a greater risk of being impacted by cyber-attacks than other websites, laws such as FedRAMP stand guard against such attacks. As such, American citizens can rest assured that the U.S. government is taking all the necessary steps to protect its cloud-based computing infrastructure.