Skip to main content

About Us

Drives a Shift

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost effective cloud-based IT.

FedRAMP created and manages a core set of processes to ensure effective, repeatable cloud security for the government. FedRAMP established a mature marketplace to increase utilization and familiarity with cloud services while facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.

FedRAMP’s Mission

  • Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
  • Improve confidence in the security of cloud solutions and security assessments
  • Achieve consistent security authorizations using a baseline set of agreed-upon standards for cloud product approval in or outside of FedRAMP
  • Ensure consistent application of existing security practices
  • Increase automation and near real-time data for continuous monitoring

FedRAMP by the Numbers

We cover more than 5 million assets and 1/3 of the world's internet traffic through our program We now offer 4 security baselines so government can match security to risk
$130 million in cost avoidance

FedRAMP Authorizations

If you have a Cloud Service Offering (CSO) that is in use by the federal government, you should be thinking about obtaining a FedRAMP authorization. Per an OMB memorandum, any cloud services that hold federal data must be FedRAMP authorized. There are two ways to authorize a cloud service through FedRAMP: a Joint Authorization Board (JAB) provisional authorization (P-ATO), and through individual Agencies. Learn more about these authorizations on our JAB Authorization and Agency Authorization pages.