The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as the time and staff otherwise required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.
The FedRAMP program is designed to comply with the Federal Information Security Management Act of 2002 (FISMA). It aims to accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations, increase confidence in security assessments and in the security of cloud solutions, achieve consistent security authorizations using a baseline set of agreed-upon standards for cloud product approval, ensure consistent application of existing security practice, and increase automation and near real-time data for continuous monitoring.
Below are the FedRAMP duties and responsibilities for the CIO Council.
For questions regarding FedRAMP, please direct inquiries to questions@FedRAMP.gov.