Skip to main content

Blog

Focus on FedRAMP®

Discover what’s happening in the FedRAMP world.

RFQ for GRC Solution Released

The General Services Administration (GSA) and FedRAMP have issued a request for quotation (RFQ) (47QPCA24Q0026) for a Governance, Risk, Compliance (GRC) solution to include workflow processing, data analytics, integration, and Artificial Intelligence/Machine Learning (AI/ML) capabilities for the Federal Risk and...

Continue Reading...

Penetration Test Guidance Public Comment Period

FedRAMP is seeking feedback on the draft FedRAMP Penetration Test Guidance. The original guidance...

Continue Reading...

Rev. 5 - Additional Documents Released

To modernize baselines, the National Institute of Standards and Technology (NIST) released the Sp...

Continue Reading...

Supplemental Direction v2 - CISA Emergency Dire...

Actions Required For Cloud Service Providers In consultation with the Joint Authorization Board (...

Continue Reading...

Supplemental Direction v1 - CISA Emergency Dire...

On Wednesday, January 31, 2024, the Department of Homeland Security (DHS) Cybersecurity and Infra...

Continue Reading...

FedRAMP's Emerging Technology Prioritization Fr...

The President signed Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use o...

Continue Reading...

CISA Emergency Directive 24-01

On Friday, January 19, 2024, the Department of Homeland Security (DHS) Cybersecurity and Infrastr...

Continue Reading...

Modernization - Automating FedRAMP's Technology

As a reminder, you are invited to join FedRAMP’s monthly Office Hours session today at 11am ET We...

Continue Reading...

FedRAMP Modernization Overview

We are excited to share with you the concrete steps we are taking to upgrade technology and proce...

Continue Reading...

Extended Comment Period on Draft FedRAMP Memo

The Office of Management and Budget (OMB) extended the comment period for the Modernizing the Fed...

Continue Reading...

FedRAMP Repository - USDA Connect Update

As a reminder for all FedRAMP Office of Management and Budget (OMB) MAX system users, the reposit...

Continue Reading...

FedRAMP Policy Memo Public Engagement Forum wit...

The Office of Management and Budget (OMB) will be holding a virtual public engagement forum on We...

Continue Reading...

FedRAMP's Role In The AI Executive Order

On Monday, October 30, the White House issued an Executive Order (EO) on Safe, Secure, and Trustw...

Continue Reading...

OMB FedRAMP Memo

The Office of Management and Budget (OMB) has released a draft memorandum for Modernizing the Fed...

Continue Reading...

FedRAMP Repository - Next Steps

Starting mid-November, U.S. Department of Agriculture (USDA) Connect will be the repository solut...

Continue Reading...

A2LA Updates the R311

The American Association for Laboratory Accreditation (A2LA) recently released an updated version...

Continue Reading...

Rev. 5 - Additional Documents Released

FedRAMP has released the fourth wave of updated documents and templates to support the transition...

Continue Reading...

New 3PAO Training - Obligations and Performance...

FedRAMP recognized Third Party Assessment Organizations (3PAOs) now have a 300-0 Obligations and ...

Continue Reading...

CSPs Prioritized to Work with the JAB

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

3PAO Assessment Teams Must Be Qualified

FedRAMP requires FedRAMP recognized third party assessment organization (3PAO) personnel, who per...

Continue Reading...

FedRAMP Guidance for M-21-31 and M-22-09

In accordance with Section 8 of Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity”...

Continue Reading...

The Rev. 5 Approach to SC-8, and Protecting Dat...

The FedRAMP Program Management Office is driven to ensure the community understands the details a...

Continue Reading...

Rev. 5 - Additional Documents Released

The next wave of updated Rev. 5 documents has been released. This is the third wave of documents ...

Continue Reading...

Looking Ahead - FedRAMP PMO Communications Rega...

The FedRAMP Rev. 5 baselines have been released to correspond with updates to the National Instit...

Continue Reading...

FedRAMP Marketplace Upgrade

A new and improved FedRAMP Marketplace is here! The FedRAMP Marketplace provides a searchable and...

Continue Reading...

FedRAMP Guidance on BOD 23-02

The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Securit...

Continue Reading...

Updated Rev. 5 OSCAL Profiles and Resolved Prof...

FedRAMP has released the second wave of Rev. 5 documents: the Open Security Controls Assessment L...

Continue Reading...

Rev. 5 Baselines Have Been Approved and Released!

The FedRAMP Joint Authorization Board has approved the FedRAMP Rev. 5 baselines! The FedRAMP base...

Continue Reading...

GSA Releases FedRAMP’s 2023 Customer Survey

We want to hear from you! The FedRAMP PMO is asking for a few minutes of your time. Surveys give ...

Continue Reading...

GSA Administrator Appoints Members to the Feder...

The General Services Administration (GSA), in coordination with the Office of Management and Budg...

Continue Reading...

FedRAMP Authorizations Hit 300 Milestone

FedRAMP is excited to announce that we just reached a huge milestone: 300 FedRAMP Authorized Clou...

Continue Reading...

Updated FedRAMP 3PAO Obligations and Performanc...

The FedRAMP PMO, in coordination with the American Association for Laboratory Accreditation (A2LA...

Continue Reading...

CSPs Prioritized to Work with the JAB and Next ...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

Call for Federal Secure Cloud Advisory Committe...

Background The General Services Administration (GSA) is establishing the Federal Secure Cloud Adv...

Continue Reading...

FedRAMP FY22 Annual Survey Recap

The FedRAMP PMO would like to thank everyone who completed the FY22 Annual FedRAMP survey this Fa...

Continue Reading...

FedRAMP Announces the Passing of the FedRAMP Au...

The Federal Risk and Authorization Management Program (FedRAMP) has great news to share: The Pres...

Continue Reading...

Status of Crypto Modules in Historical Status

On July 1, 2022, many Federal Information Processing Standards 140 (FIPS 140) validated crypto mo...

Continue Reading...

Engaging with FedRAMP - PART 3, The SAR ...

FedRAMP often receives requests for information and guidance regarding the Agency Authorization p...

Continue Reading...

Engaging with FedRAMP - PART 2, The Kick...

FedRAMP often receives requests for information and guidance regarding the Agency Authorization p...

Continue Reading...

Engaging with FedRAMP - PART 1, The Inta...

FedRAMP often receives requests for information and guidance regarding the Agency Authorization p...

Continue Reading...

A Look Back at Fiscal Year 2022

FY22 was a year of achievement and progress for FedRAMP and we thank you for your collaboration. ...

Continue Reading...

CSP Prioritized to Work with the JAB and Next F...

The following Cloud Service Provider (CSP) has been selected to work with the Joint Authorization...

Continue Reading...

FedRAMP Agency Liaisons

FedRAMP’s Agency Liaisons are federal cloud security subject matter experts who serve as a crucia...

Continue Reading...

FedRAMP Announces Public Comment Period for Aut...

The FedRAMP PMO recently worked with the Joint Authorization Board (JAB) and the Office of Manage...

Continue Reading...

FedRAMP Releases Updated Brand Guide

The FedRAMP PMO is excited to announce the revised release of the FedRAMP Brand Guide! The update...

Continue Reading...

FedRAMP Launches OSCAL Developer Data Bites Series

FedRAMP is excited to launch an Open Security Controls Assessment Language (OSCAL) Developer Data...

Continue Reading...

FedRAMP Releases the FY22 Annual Survey

We want to hear from you! Please take a moment to complete the FedRAMP Annual Survey for Fiscal Y...

Continue Reading...

PMO Releases Subnetting White Paper

NIST control SC-7 for Boundary Protection relies in large part on subnetworks (subnets), specific...

Continue Reading...

Penetration Test Guidance Updates

We’re excited to announce the release of FedRAMP’s updated Penetration Test Guidance! These upda...

Continue Reading...

Update to the Plan of Actions and Milestones Te...

FedRAMP updated the Plan of Actions and Milestones (POA&M) template to include two new column...

Continue Reading...

CISA Releases Updated Cloud Security Technical ...

In response to Improving the Nation’s Cybersecurity Executive Order 14028 (EO), the Cybersecurity...

Continue Reading...

CSPs Prioritized to Work with the JAB and Next ...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Receives First OSCAL System Security Plan

FedRAMP is excited to announce that the first Open Security Controls Assessment Language (OSCAL) ...

Continue Reading...

FedRAMP Rev. 5 Transition Update

At the end of 2020, National Institute of Standards and Technology’s (NIST) released Special Publ...

Continue Reading...

Responsibilities of CSPs and 3PAOs for FedRAMP ...

FedRAMP requires Cloud Service Providers (CSPs) to undergo an annual security assessment of their...

Continue Reading...

FedRAMP BOD 22-01 Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Securit...

Continue Reading...

FedRAMP Prepares for 'Zero Trust' Stance

The growing threat of sophisticated cyber attacks has emphasized the importance of providing secu...

Continue Reading...

FedRAMP Updates the Threat-Based Methodology to...

FedRAMP updated the Threat-Based Methodology White Paper to reflect changes to our methodology be...

Continue Reading...

FedRAMP FY21 Annual Survey Recap

In August of 2021, the FedRAMP PMO released our annual customer feedback survey. Thank you to tho...

Continue Reading...

FedRAMP Connect Business Case Deadline Extended

The due date for FedRAMP Connect Business Cases has been extended to January 28, 2022 at 5:00 p.m...

Continue Reading...

FedRAMP Releases Updated CSP Authorization Play...

FedRAMP published an updated Cloud Service Providers (CSP) Authorization Playbook to provide CSPs...

Continue Reading...

Readiness Assessment Report (RAR) Templates and...

FedRAMP has updated the Readiness Assessment Report (RAR) Guide and templates (linked below) in o...

Continue Reading...

FedRAMP Publishes Draft Rev. 5 Baselines

FedRAMP is releasing baselines for public comment, and we want your feedback. Rev 5 Baselines F...

Continue Reading...

FedRAMP Turns 10!

Congratulations to the FedRAMP Community on our 10th year anniversary as a program! What a journe...

Continue Reading...

A2LA Updates the R346 Regarding Remote Baltimor...

The American Association for Laboratory Accreditation (A2LA), in conjunction with FedRAMP, decide...

Continue Reading...

Unique Vulnerability Counts with Container Scan...

As Cloud Service Providers (CSPs) start to submit their container vulnerability scans in order to...

Continue Reading...

A Look Back at Fiscal Year 2021

FY21 was a year of achievement and progress for FedRAMP and we thank you for your collaboration. ...

Continue Reading...

CSPs Prioritized to Work with the JAB and the N...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Releases Updated Marketplace Designatio...

FedRAMP updated its Marketplace Designations for Cloud Service Providers (CSPs) guidance document...

Continue Reading...

FedRAMP Releases Updated Agency Authorization P...

FedRAMP recently released the updated Agency Authorization Playbook to better reflect how the ini...

Continue Reading...

The Importance of ATO Letter Submission

FedRAMP would like to remind federal agencies to authorize their Cloud Service Offerings (CSOs) a...

Continue Reading...

FedRAMP Updates CSP SSP (200A) Training

FedRAMP recently revised training materials for the System Security Plan (SSP) Required Documenta...

Continue Reading...

FedRAMP Releases OSCAL Validations

FedRAMP is excited to announce the development of OSCAL validations rules, which will allow FedRA...

Continue Reading...

FedRAMP Releases the FY21 Annual Survey!

We want to hear from you! Please take a moment to complete the FedRAMP Annual Survey and share yo...

Continue Reading...

FedRAMP Releases Updated OSCAL Template & Tools

In June 2021, FedRAMP announced NIST’s release of OSCAL 1.0.0 on GitHub for CSPs, 3PAOs, and agen...

Continue Reading...

Requesting Public Comment on FedRAMP Authorizat...

FedRAMP recognizes the importance of the FedRAMP Authorization Boundary Guidance in supporting th...

Continue Reading...

A2LA Updates the R311

In an effort to strengthen the qualifications of third party assessment organizations (3PAOs), th...

Continue Reading...

FedRAMP Announces NIST’s OSCAL 1.0.0 Release

NIST released version 1.0.0 of OSCAL . The FedRAMP PMO, in collaboration with NIST, is working to...

Continue Reading...

An Update to FedRAMP’s Low, Moderate, and High ...

The Federal Risk and Authorization Management Program (FedRAMP) provides standardized security re...

Continue Reading...

Remote Testing of Datacenters

Cloud Service Providers (CSPs) hire Third Party Assessment Organizations (3PAOs) to perform secur...

Continue Reading...

6

May

Rev5 Transition Update

FedRAMP uses the National Institute of Standards and Technology’s (NIST) guidelines and procedure...

Continue Reading...

FedRAMP Connect Business Case Deadline Extended

The due date for FedRAMP Connect Business Cases has been extended to May 21, 2021 at 5:00 p.m. ET...

Continue Reading...

Release of FedRAMP Incident Communications Proc...

The Federal Risk and Authorization Management Program (FedRAMP) recently updated the FedRAMP Inci...

Continue Reading...

JAB Guidance on CentOS Linux End of Life

Red Hat, the parent company of Community ENTerprise Linux Operating System (CentOS), has announce...

Continue Reading...

FedRAMP Launches YouTube Channel

The FedRAMP PMO recently launched the FedRAMP YouTube channel as a one-stop source for quick, sim...

Continue Reading...

Vulnerability Scanning Requirements for Containers

The Federal Risk and Authorization Management Program (FedRAMP) is pleased to announce the releas...

Continue Reading...

The New FedRAMP.gov

FedRAMP is excited to announce the launch of our revamped website. Thanks to feedback from our pa...

Continue Reading...

FedRAMP Explores a Threat-Based Methodology to ...

Feasibility Study: Agile Approach to Authorizations In 2017, the Office of American Innovation (...

Continue Reading...

CSPs Prioritized to Work with the JAB and Next ...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Hosts a 3PAO Interact Week

Throughout the week of November 16, 2020, the FedRAMP PMO held a virtual, 3PAO Interact, to bring...

Continue Reading...

FedRAMP’s NIST Rev5 Transition Plan

FedRAMP uses the National Institute of Standards and Technology’s (NIST) guidelines and procedure...

Continue Reading...

CSPs Prioritized to Work with the JAB and Next ...

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Reaches 200 Authorizations

FedRAMP is excited to announce that we just reached a huge milestone: 200 FedRAMP Authorized Clou...

Continue Reading...

Updated 3PAO Obligations and Performance Standa...

FedRAMP recently updated the 3PAO Obligations and Performance Standards document to provide addit...

Continue Reading...

Additional FedRAMP OSCAL Resources and Templates

In June 2020, FedRAMP announced the release of OSCAL resources and templates on GitHub for CSPs, ...

Continue Reading...

Requesting Public Comment on Vulnerability Scan...

Technology changes rapidly and Cloud Service Providers (CSPs) continue to evolve in order to impr...

Continue Reading...

Updated Control Implementation Summary (CIS) an...

In response to Agency and CSP feedback, FedRAMP updated the Control Implementation Summary/Custom...

Continue Reading...

Please Take the FY20 FedRAMP Annual Survey!

FedRAMP is seeking your feedback in the FedRAMP Annual Survey. FedRAMP is constantly looking for ...

Continue Reading...

An Update to FedRAMP’s High Baseline SA-9(5) Co...

The Federal Risk and Authorization Management Program (FedRAMP) provides standardized security re...

Continue Reading...

FedRAMP Announces Document and Template Updates

FedRAMP released updates to the System Security Plan (SSP) Attachment 12 template, the FedRAMP Ma...

Continue Reading...

FedRAMP Announces Agency Liaison Program

The FedRAMP PMO recently kicked off a new initiative, the Agency Liaison Program, which is design...

Continue Reading...

Using the FedRAMP OSCAL Resources and Templates

The FedRAMP PMO, in collaboration with NIST, is working to digitize the authorization package thr...

Continue Reading...

7

May

Do Once, Use Many - How Agencies Can Reuse a Fe...

One of FedRAMP’s core value propositions is facilitating government-wide reuse of security packag...

Continue Reading...

JAB Prioritized CSPs and FedRAMP Connect Updates

The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...

Continue Reading...

FedRAMP Lessons Learned for Small Businesses

The FedRAMP PMO is committed to helping small businesses and startups navigate the FedRAMP author...

Continue Reading...

FedRAMP Looks Back on a Successful FY2019

Fiscal Year 2019 was a year of achievement and progress for FedRAMP. Thank you for your collabora...

Continue Reading...

FedRAMP Moves to Automate the Authorization Pro...

FedRAMP is excited to announce that the program has reached an important automation milestone. Fe...

Continue Reading...

Seeking Public Comments on the Draft Customer I...

In response to Agency and CSP feedback, FedRAMP updated the Customer Implementation Summary/Custo...

Continue Reading...

A Successful FedRAMP Startup & Small Business M...

On September 25, 2019 the FedRAMP PMO had its first Small Business/Start-Up Meetup in San Francis...

Continue Reading...

FedRAMP Connect Results and Next Round of Conne...

Congratulations to the following Cloud Service Providers (CSPs) selected to work with the Joint A...

Continue Reading...

FedRAMP Heads to San Francisco to Host Small Bu...

Are you a small business or startup interested in learning more about FedRAMP? The FedRAMP PMO is...

Continue Reading...

Please Take the FY19 FedRAMP Annual Survey!

The FedRAMP PMO is seeking your feedback and released the FedRAMP Annual Survey. If you’ve intera...

Continue Reading...

FedRAMP Launches Ideation Challenge

Do you have bold, innovative, and actionable ideas that can help transform the way agencies secur...

Continue Reading...

FedRAMP Marketplace Guidance Released

We receive thousands of questions through info@fedramp.gov, and one of the most popular topics is...

Continue Reading...

Get to Know FedRAMP's Program Manager of Securi...

As part of our spotlight series on the members of the FedRAMP PMO team, we wanted to introduce Jo...

Continue Reading...

8

May

Meet FedRAMP's Customer Success Manager

The FedRAMP PMO wants to give our readers a glimpse into the human side of the FedRAMP program by...

Continue Reading...

1

May

Best Practices for Multi-Agency Continuous Moni...

Both Cloud Service Providers (CSPs) and Federal Agencies play a role in Continuous Monitoring. Fe...

Continue Reading...

Reviewing the SAR - Best Practices for 3PAOs, A...

Cloud Service Providers (CSPs) pursuing a Low, Moderate, or High FedRAMP authorization are requir...

Continue Reading...

FedRAMP Updates 3PAO Requirements

Third Party Assessment Organizations (3PAOs) play a critical role within the Federal Risk and A...

Continue Reading...

Annual Assessment Guidance

The FedRAMP PMO recently encountered a question from a Cloud Service Provider (CSP) as to whether...

Continue Reading...

Impact of FedRAMP for Small Businesses

Did you know that over 30% of FedRAMP Cloud Service Providers (CSPs) are small businesses?* When ...

Continue Reading...

Understanding Baselines and Impact Levels in Fe...

The FedRAMP PMO fields a number of questions about impact levels and the security categorization ...

Continue Reading...