The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.
As outlined by the official FedRAMP website, the benefits of FedRAMP authorization are:
- Reduces duplicative efforts, inconsistencies, and cost inefficiencies
- Establishes a public-private partnership to promote innovation and the advancement of more secure information technologies
- Enables the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allowing agencies to leverage security authorizations on a government-wide scale
FedRAMP is based on the National Institute of Standards and Technology (NIST) SP 800-53 Rev. 4 standard, augmented by FedRAMP specific controls and control enhancements. FedRAMP authorizations are granted at three impact levels (Low, Moderate, and High) based on NIST FIPS 199 security categorization. These levels rank the impact that the loss of confidentiality, integrity, or availability could have on an organization - Low (limited adverse effect), Moderate (serious adverse effect), and High (severe or catastrophic adverse effect).
/Dejero-Logo.svg "Dejero"){kind=logo}
