FedRAMP Acquisition FAQs
In an effort to help agencies continue to adopt secure cloud technologies, FedRAMP has been identifying ways to ensure that agencies appropriately require FedRAMP in their acquisition process as they procure cloud-based products. In support of this effort, the FedRAMP PMO worked with the Office of Management and Budget (OMB) and the Office of Federal Procurement Policy (OFPP) to develop the Acquisition FAQs guidance document that agencies can reference when developing their solicitations. These FAQs are based on questions FedRAMP regularly receives from both vendors and agencies about how FedRAMP language can best be incorporated into Request for Informations (RFIs), Request for Quotation (RFQs), and Request for Proposals (RFPs).
In reviewing this resource, Agencies will learn if they can require a CSP to have a FedRAMP Authorization, if a FISMA ATO is sufficient to meet FedRAMP requirements, and how FedRAMP requirements apply even if they are not included in a contract.