Page Info
Description: Welcome to federal agencies, explanation of who an agency is, and why FedRAMP matters to them and they need to get in the game.
Purpose: Help agencies understand if FedRAMP applies and how to get involved and use it to their benefit.
Federal Agencies¶
FedRAMP provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services used by federal agencies. Federal agencies are required by both the law and OMB policy to follow the processes and rules established by FedRAMP for the use of cloud services in agency information systems. This authority builds on "FISMA" requirements in the law and policy and may not be ignored; M-24-15 explicitly requires agencies to update their agency policies to align with FedRAMP.
FedRAMP was established to support agency mission delivery by standardizing how agencies use commercial cloud services.
All of the work done by FedRAMP is designed to help agencies save money, effort, and time by providing them with a legal framework for using commercial cloud services within federal information systems that lowers the burden for adoption significantly. FedRAMP is not an oversight or enforcement body, it exists to be the primary point of connection between agencies and commercial services to enable adoption.
-
Get Help with FedRAMP.
Learn about our support systems, the Liaison Program, and all the other ways FedRAMP will help your agency deliver.
-
When does FedRAMP apply?
Learn why not all cloud services are eligible for a FedRAMP Certification and when FedRAMP doesn't apply for agency information systems.
-
How to use FedRAMP.
Learn how to streamline and optimize the agency ATO process to properly use a FedRAMP Certified cloud service.
-
Follow the rules.
Review a simplified set of declarative rules that summarize the law and policy in plain language to help agencies follow the rules.