FedRAMP®

REGION

USA

INDUSTRY

Government and Public Sector

TYPE

Certifications / Attestations

STATUS

In progress

DOCUMENTATION

FedRAMP Marketplace

REFERENCE

FedRAMP related NIST publications

 

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.

As outlined by the official FedRAMP website, the benefits of FedRAMP authorization are:

  • Reduces duplicative efforts, inconsistencies, and cost inefficiencies
  • Establishes a public-private partnership to promote innovation and the advancement of more secure information technologies
  • Enables the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allowing agencies to leverage security authorizations on a government-wide scale

FedRAMP is based on the National Institute of Standards and Technology (NIST) SP 800-53 Rev. 4 standard, augmented by FedRAMP specific controls and control enhancements. FedRAMP authorizations are granted at three impact levels (Low, Moderate, and High) based on NIST FIPS 199 security categorization. These levels rank the impact that the loss of confidentiality, integrity, or availability could have on an organization - Low (limited adverse effect), Moderate (serious adverse effect), and High (severe or catastrophic adverse effect).

Related Products

Control

Become a Partner

Join Dejero's growing list of partners
Call to Action