AnsweredAssumed Answered

How important is FedRAMP for your cloud computing activities?

Question asked by Eric Hibbard Employee on Jul 16, 2013
Latest reply on Jan 7, 2014 by Eric Hibbard

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program run by the General Services Administration (GSA) that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP assessment process is initiated by agencies or cloud service provider (CSPs) beginning a security authorization using the FedRAMP requirements which are FISMA compliant and based on the NIST 800-53 rev3 (changing to rev4) and initiating work with the FedRAMP Project Management Office (PMO). CSPs must implement the FedRAMP security requirements on their environment and hire a FedRAMP approved third party assessment organization (3PAO) to perform an independent assessment to audit the cloud system and provide a security assessment package for review.

 

Additional information on FedRAMP can be found at:  http://www.fedramp.gov.

Outcomes