The information presented herein was taken directly from the official FedRAMP website at: https://www.fedramp.gov/about-us/about/ and may be subject to copyright.
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cyber-security and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.
- Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
- Increase confidence in security of cloud solutions
- Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for cloud product approval in or outside of FedRAMP
- Ensure consistent application of existing security practice
- Increase confidence in security assessments
- Increase automation and near real-time data for continuous monitoring
- Increase re-use of existing security assessments across agencies
- Save significant cost, time, and resources – “do once, use many times”
- Improve real-time security visibility
- Provide a uniform approach to risk-based management
- Enhance transparency between government and Cloud Service Providers (CSPs)
- Improve the trustworthiness, reliability, consistency, and quality of the Federal security authorization process