U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Skip to page content

FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.

Ramping Up Focus on FedRAMP

After recently celebrating our Fifth Birthday and logo update, the FedRAMP PMO is excited to announce a few more changes to our website in the form of a new blog series and newly created Tips & Cues page. In the interest of communicating information about how to best work with FedRAMP regularly, we will be introducing a series of multi-part blogs. These series will be published weekly, in addition to any programmatic updates that occur.

Read More →

FedRAMP 5th Anniversary

This week we’re excited to celebrate FedRAMP’s fifth birthday! The program has come a long way over the past five years, as we have been able to grow and transform the program to continue meeting our partners’ evolving needs. FedRAMP achieved initial operational capability in 2012. We launched FedRAMP.gov that year as our primary communication and outreach channel. Since then, we have continued to iterate based on the voice of the customer and have expanded our outreach to include such activities as training, weekly tips, a user-centered marketplace and dashboard, and the Focus on FedRAMP blog.

Read More →

CSP and 3PAO Roles and Responsibilities

We wanted to share some high-level guidance for CSPs and 3PAOs we created with the JAB teams to provide insight into the different roles and responsibilities for 3PAOs and CSPs in our authorization process. These roles and responsibilities were created and refined over the last year as we refined the JAB’s authorization process through FedRAMP Accelerated. The CSP’s role (189 kb PDF, 1 page) in the JAB authorization process is to ensure their service offering meets the NIST/FedRAMP requirements through the implementation and documentation of security controls.

Read More →

FedRAMP Weekly Tips & Cues – November 9, 2016

Many of our cloud service providers (CSPs), federal agencies, and third party assessment organizations (3PAOs) often share common issues and questions when going through the FedRAMP process. To help guide our stakeholders, we will be providing weekly tips and address frequently asked questions and concerns. Email us potential tips and questions that you would like published as a tip. Cloud Service Providers (CSPs) Question: Why should CSPs spend time and money developing high quality documentation when their goal is to become FedRAMP Authorized?

Read More →

FedRAMP Weekly Tips & Cues – August 10, 2016

Many of our cloud service providers (CSPs), federal agencies, and third party assessment organizations (3PAOs) often share common issues and questions when going through the FedRAMP process. To help guide our stakeholders, we will be providing weekly tips and address frequently asked questions and concerns. This week’s tips come from FedRAMP’s Accelerated event. Read the full list of questions asked during FedRAMP Accelerated here. Send potential tips and questions that you would like published as a tip [via email].

Read More →

Top