Skip to main content

Focus on FedRAMP

Guidance on FedRAMP's Applicability to State and Local Entities

In December 2011, the federal government established FedRAMP to provide a cost-effective and risk-based approach to cloud adoption for executive departments and agencies. This included the development of a risk management framework based on FISMA requirements and NIST 800-53 by which cloud service offerings can be assessed and authorized by federal agencies. Given that FedRAMP is a rigorous cloud security...

Read More

FedRAMP Connect Business Cases Due April 12th

Reminder to all Cloud Service Providers (CSPs) that the next due date for Business Case submissions for prioritization by the Joint Authorization Board (JAB) with our FedRAMP Connect process is Friday, April 12th! You can find all of the details, requirements, and tips for success in our JAB Prioritization Criteria and Guidance document. A successful submission should include at least...

Read More

FedRAMP Hosts Another Successful Agency ISSO Training Day

On March 25th, FedRAMP hosted its fourth Agency Information System Security Officer (ISSO) training. This training was a huge success, drawing over 90 Information Security Professionals from over 30 Federal Agencies. Thank you to everyone who took time out of their day to join us. The training provided a collaborative space for ISSOs to review, understand, and discuss best practices...

Read More

2019 FedRAMP Five Awards - Accepting Nominations!

We are pleased to announce our second annual “FedRAMP Five” awards to celebrate our government partners who have helped FedRAMP grow, develop, and improve over time. FedRAMP’s success depends on our partners across the U.S. government, and we thrive as a program because of the outstanding involvement and commitment from our Agency teammates. In FY19, the FedRAMP PMO is focused...

Read More

Reviewing the SAR - Best Practices for 3PAOs, Agencies, and Cloud Service Providers

Cloud Service Providers (CSPs) pursuing a Low, Moderate, or High FedRAMP authorization are required to partner with a Third-Party Assessment Organization (3PAO) to perform an assessment of their cloud service offering. 3PAOs perform comprehensive independent and objective assessments of a CSP’s service offering and document the results of that assessment in the Security Assessment Report (SAR). The FedRAMP PMO has...

Read More

Page 3 of 24