Skip to main content

Cloud Service Providers

Partnering with FedRAMP®

The federal government is one of the largest buyers of cloud technology, and Cloud Service Providers (CSPs) offer agencies innovative products that help them save time and resources while meeting their critical mission needs.

CSPs who have a Cloud Service Offering (CSO) that is being used by the federal government should consider obtaining a FedRAMP Authorization. FedRAMP provides a standardized security framework for all cloud products and services that is recognized by all executive branch federal agencies. CSPs only need to go through the FedRAMP Authorization process once for each CSO and perform continuous monitoring, with all agencies reviewing the same continuous monitoring deliverables, creating efficiencies across the government. The FedRAMP Program Management Office (PMO) provides training, guidance, and advisory support to CSPs, helping them navigate the FedRAMP process and understand the requirements.

How FedRAMP Can Help

FedRAMP serves as a bridge between the federal government and industry. There are many benefits and opportunities of pursuing a FedRAMP Authorization for CSOs, and the PMO can provide guidance around best practices and strategies to becoming FedRAMP Authorized. To get started, please contact us at info@fedramp.gov.

Get Support

Resources for Cloud Service Providers

CSP Authorization Playbook

The CSP Authorization Playbook: Getting Started with FedRAMP provides CSPs with an overview of how to develop an authorization strategy, the types of authorizations, and important considerations for their CSOs when working with FedRAMP.

[File Info: PDF - 959KB]

FedRAMP Marketplace Designations

FedRAMP Marketplace Designations for CSPs outlines the requirements for FedRAMP designations on the FedRAMP Marketplace for CSPs, including achieving a designation for a CSO, maintaining a designation, and the removal of a designation.

FedRAMP Security Controls Baseline

The FedRAMP Security Controls Baseline provides the catalog of FedRAMP High, Moderate, Low, and Tailored Low Impact Software-as-a-Service (Li-SaaS) baseline security controls, along with additional guidance and requirements.

[File Info: XLS - 301KB]

FedRAMP’s Training page

FedRAMP’s Training page has courses specifically for CSPs. Courses that are available to CSPs are designed to help understand the requirements of security package development and give a detailed overview of the required templates and their supporting documentation.

7 Lessons Learned for Small Businesses and Startups

The FedRAMP PMO is committed to helping small businesses and startups navigate the FedRAMP authorization process and developed 7 Lessons Learned for Small Businesses and Startups.