FedRAMP
FedRAMP (Federal Risk and Authorization Management Program) is the government-wide program that provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud products and services. If a cloud service provider wants to sell to the federal government, their offering must be FedRAMP authorized.
FedRAMP authorization involves a rigorous security assessment against a baseline of NIST SP 800-53 controls. Once authorized, the cloud service can be reused by any federal agency without duplicating the assessment, saving time and money across government. FedRAMP authorization levels (Low, Moderate, High) correspond to the sensitivity of data the service can handle.
Why It Matters
If you use cloud services to process, store, or transmit CUI, those services should be FedRAMP authorized at the Moderate level or higher. Using non-FedRAMP cloud services for CUI is a compliance risk that CMMC assessors will flag.