Federal Risk And Authorization Management Program

The Federal Risk and Authorization Management Program (FedRAMP) is an assessment and authorisation process which U.S. federal agencies have been directed by the Office of Management and Budget [1] to use to ensure security is in place when accessing cloud computing products and services.

The OMB identified cybersecurity as one of 14 Cross Agency Priority (CAP) Goals [2] established in accordance with the Government Performance and Results Modernization Act of 2010.

The second Chief Information Officer of the United States, Steven VanRoekel, issued a memorandum to federal agency Chief Information Officers on December 8, 2011 defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Authorization Board (JAB) consisting of Chief Information Officers from DoD, DHS, and GSA.

Before the introduction of FedRAMP, individual federal agencies managed their own assessment methodologies following guidance loosely set by the Federal Information Security Management Act of 2002.[3]

Third Party Accreditation Organizations

The Joint Accreditation Board (JAB) is responsible for establishing accreditation standards for Third Party Accreditation Organizations (3PAO) who perform the assessments of cloud solutions. The JAB also reviews authorization packages, and may grant provisional authorization (to operate). The federal agency consuming the service still has final responsibility for final authority to operate.[4] Participating vendors sell a variety of hosting services, Software as a Service packages, and several 3PAOs that provide accreditation services to other vendors.

See also


  1. ^ Office of Management and Budget, Enhancing the Security of Federal Information and Information Systems, November 18, 2013
  2. ^ Driving Federal Performance, accessed 8 June 2016
  3. ^ DOD turns to FedRAMP and cloud brokering, 21 May 2014, accessed 18 June 2016
  4. ^ "About FedRAMP". U.S. General Services Administration. 2012-06-13. Retrieved . 

External links

  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.

Connect with defaultLogic
What We've Done
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.

Manage research, learning and skills at defaultLogic. Create an account using LinkedIn or facebook to manage and organize your IT knowledge. defaultLogic works like a shopping cart for information -- helping you to save, discuss and share.

  Contact Us