CIO Council - Chief Information Officers Council - Beta

FedRAMP

FedRAMP is the Federal Risk and Authorization Management Program (FedRAMP). This program is an innovative policy approach to developing trusted relationships between Federal agencies and cloud service providers. The goal of the program is to reduce duplicative efforts, inconsistencies and cost inefficiencies associated with the current security authorization process. FedRAMP establishes a public-private partnership to promote innovation and the advancement of more secure information technologies.

By using an agile and flexible framework, FedRAMP is enabling the Federal Government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allowing agencies to leverage security authorizations on a government-wide scale. The program is designed to comply with the Federal Information Security Management Act of 2002 (FISMA).

FedRAMP is the result of a close collaboration with cybersecurity and cloud experts from GSA, NIST, DHS, DOD, NSA, OMB, the Federal CIO Council and its working groups, as well as private industry.

 

Read the Latest

Guide to Understanding FedRAMP (October 26, 2012)
FedRAMP Concept of Operations (July 27, 2012)
Memo to CIOs:Security Authorization of Information Systems in Cloud Computing Environments (December 8, 2011)

Resources

FedRAMP Website
FedRAMP Joint Authorization Charter
FedRAMP Security Controls

For questions regarding FedRAMP, please direct inquiries to questions@FedRAMP.gov.