Focus on FedRAMP
Discover what’s happening in the FedRAMP world.

On Monday, June 27th FedRAMP will be releasing updates to our templates to add some “ease of use” features as well as ensure all of the templates reflect the different authorization levels (low, moderate, high) that CSPs can pursue through FedRAMP.
The updates to our templates include the following “ease-of-use” features:
- FedRAMP SSP Template – include text fields that allow the user to enter frequently repeated text (CSP Name, Information System Name, etc.) once and automatically inserted everywhere it is used throughout the document
- Tables, except for Control Summary Information tables – include prompted data fields, choice menus, and drop-down date pickers
- Figures – include insert fields that make it easier to insert figures
All of the templates that will be updated include:
- System Security Plan (SSP)
- E-Authentication Worksheet
- Privacy Threshold Analysis and Privacy Impact Assessment (PTA & PIA)
- Rules of Behavior (RoB)
- IT Contingency Plan
- Control Implementation Summary (CIS) Report
- Control Implementation Summary (CIS) Worksheet
- FIPS 199 Categorization
- Laws and Regulations
- Inventory Workbook
FedRAMP Explores a Threat-Based Methodology to Authorizations
Feasibility Study: Agile Approach to Authorizations In 2017, the Office of American Innovation (OAI) sponsored a feasibility study, coordinated by the Office of Management and Budget (OMB) and managed by the General Services Administration (GSA) FedRAMP PMO. The study’s objective...
CSPs Prioritized to Work with the JAB and Next ...
The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...
FedRAMP Hosts a 3PAO Interact Week
Throughout the week of November 16, 2020, the FedRAMP PMO held a virtual, 3PAO Interact, to bring...
FedRAMP’s NIST Rev5 Transition Plan
FedRAMP uses the National Institute of Standards and Technology’s (NIST) guidelines and procedure...
CSPs Prioritized to Work with the JAB and Next ...
The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...
FedRAMP Reaches 200 Authorizations
FedRAMP is excited to announce that we just reached a huge milestone: 200 FedRAMP Authorized Clou...
Updated 3PAO Obligations and Performance Standa...
FedRAMP recently updated the 3PAO Obligations and Performance Standards document to provide addit...
Additional FedRAMP OSCAL Resources and Templates
In June 2020, FedRAMP announced the release of OSCAL resources and templates on GitHub for CSPs, ...
Requesting Public Comment on Vulnerability Scan...
Technology changes rapidly and Cloud Service Providers (CSPs) continue to evolve in order to impr...
Updated Customer Implementation Summary (CIS) a...
In response to Agency and CSP feedback, FedRAMP updated the Customer Implementation Summary/Custo...
Please Take the FY20 FedRAMP Annual Survey!
FedRAMP is seeking your feedback in the FedRAMP Annual Survey. FedRAMP is constantly looking for ...
An Update to FedRAMP’s High Baseline SA-9(5) Co...
The Federal Risk and Authorization Management Program (FedRAMP) provides standardized security re...
FedRAMP Announces Document and Template Updates
FedRAMP released updates to the System Security Plan (SSP) Attachment 12 template, the FedRAMP Ma...
FedRAMP Announces Agency Liaison Program
The FedRAMP PMO recently kicked off a new initiative, the Agency Liaison Program, which is design...
Using the FedRAMP OSCAL Resources and Templates
The FedRAMP PMO, in collaboration with NIST, is working to digitize the authorization package thr...
Do Once, Use Many - How Agencies Can Reuse a Fe...
One of FedRAMP’s core value propositions is facilitating government-wide reuse of security packag...
JAB Prioritized CSPs and FedRAMP Connect Updates
The following Cloud Service Providers (CSPs) have been selected to work with the Joint Authorizat...
FedRAMP Lessons Learned for Small Businesses
The FedRAMP PMO is committed to helping small businesses and startups navigate the FedRAMP author...
FedRAMP Looks Back on a Successful FY2019
Fiscal Year 2019 was a year of achievement and progress for FedRAMP. Thank you for your collabora...
FedRAMP Looks Back on a Successful FY2019
Fiscal Year 2019 was a year of achievement and progress for FedRAMP. Thank you for your collabora...
FedRAMP Moves to Automate the Authorization Pro...
FedRAMP is excited to announce that the program has reached an important automation milestone. Fe...
Seeking Public Comments on the Draft Customer I...
In response to Agency and CSP feedback, FedRAMP updated the Customer Implementation Summary/Custo...
A Successful FedRAMP Startup & Small Business M...
On September 25, 2019 the FedRAMP PMO had its first Small Business/Start-Up Meetup in San Francis...
FedRAMP Connect Results and Next Round of Conne...
Congratulations to the following Cloud Service Providers (CSPs) selected to work with the Joint A...
FedRAMP Heads to San Francisco to Host Small Bu...
Are you a small business or startup interested in learning more about FedRAMP? The FedRAMP PMO is...
Please Take the FY19 FedRAMP Annual Survey!
The FedRAMP PMO is seeking your feedback and released the FedRAMP Annual Survey. If you’ve intera...
FedRAMP Launches Ideation Challenge
Do you have bold, innovative, and actionable ideas that can help transform the way agencies secur...
FedRAMP Marketplace Guidance Released
We receive thousands of questions through [info@fedramp.gov](mailto:info@fedramp.gov), and one of...
Get to Know FedRAMP's Program Manager of Securi...
As part of our spotlight series on the members of the FedRAMP PMO team, we wanted to introduce Jo...
Meet FedRAMP's Customer Success Manager
The FedRAMP PMO wants to give our readers a glimpse into the human side of the FedRAMP program by...
Best Practices for Multi-Agency Continuous Moni...
Both Cloud Service Providers (CSPs) and Federal Agencies play a role in Continuous Monitoring. Fe...
FedRAMP Tailored Lessons Learned
FedRAMP introduced the Tailored baseline for Low-Impact Software-as-a-Service (Li-SaaS) in 2017 t...
Guidance on FedRAMP's Applicability to State an...
In December 2011, the federal government established FedRAMP to provide a cost-effective and risk...
FedRAMP Connect Business Cases Due April 12th
Reminder to all Cloud Service Providers (CSPs) that the next due date for Business Case submissio...
FedRAMP Hosts Another Successful Agency ISSO Tr...
On March 25th, FedRAMP hosted its fourth Agency Information System Security Officer (ISSO) traini...
2019 FedRAMP Five Awards - Accepting Nominations!
We are pleased to announce our second annual “FedRAMP Five” awards to celebrate our government pa...
Reviewing the SAR - Best Practices for 3PAOs, A...
Cloud Service Providers (CSPs) pursuing a Low, Moderate, or High FedRAMP authorization are requir...
Next CSPs Selected to work with the JAB via Fed...
The FedRAMP PMO just completed our most recent round of FedRAMP Connect, the process where Cloud ...
FAQs on Updated R311 Requirements
Since we released updates to the “R311-Specific Requirements: FedRAMP” on November 6th, which inc...
FedRAMP Welcomes New Team Member to the PMO
FedRAMP is excited to introduce a new member of our Program Management Office (PMO) Team, Brian C...
FedRAMP Updates 3PAO Requirements
Third Party Assessment Organizations (3PAOs) play a critical role within the Federal Risk and A...
Find Resources Easier with New Updates to FedRA...
The FedRAMP PMO is excited to share some new updates to the website. In response to customer feed...
FedRAMP Documentation Release
As mentioned last week, we've updated ten documents/templates and added one new document to our T...
FedRAMP Boundary Guidance - Industry Response &...
In May 2018, the FedRAMP PMO released guidance describing the “rules of thumb” Cloud Service Prov...
FedRAMP Connect - New Guidance on JAB Prioritiz...
FedRAMP is excited to announce that we are starting our next round of FedRAMP Connect! **Business...
Congratulations to the 2018 FedRAMP Five Award ...
We’re thrilled to announce the winners of the first-ever FedRAMP Five Awards, which recognize our...
FedRAMP Launches New Training Platform
We couldn’t be more excited to launch our new FedRAMP Training Platform! This platform provides a...
FedRAMP Authorization Boundary Guidance Released
Over the past year, the FedRAMP PMO has recognized that it is difficult for Cloud Service Provide...
Penetration Testing for All FedRAMP Moderate an...
Penetration testing is a well-recognized way to explore IT system weaknesses. FedRAMP requires pe...
FedRAMP Reaches 100 Authorizations
We could not be more excited to announce that we just reached a huge milestone - 100 Cloud Servic...
Annual Assessment Guidance
The FedRAMP PMO recently encountered a question from a Cloud Service Provider (CSP) as to whether...
Introducing the New CSP Authorization Playbook
The FedRAMP PMO is pleased to release the first volume of the Cloud Service Provider (CSP) Author...
Three Additional ConMon Documents Released
On January 31st, FedRAMP released several new or revised Continuous Monitoring (ConMon) documents...
Determining Your FedRAMP Boundary Definition
An authorization boundary provides a diagrammatic picture of a system’s internal components to a ...
Best Practices for Achieving and Maintaining an...
Building upon earlier guidance, the PMO has identified a number of best practices that enable CSP...
New ConMon Documents Available
As FedRAMP continues to enhance its continuous monitoring (ConMon) processes, we solicited feedba...
Impact of FedRAMP for Small Businesses
Did you know that over 30% of FedRAMP Cloud Service Providers (CSPs) are small businesses?* When ...
Accessing a CSP’s FedRAMP Materials through OMB...
The FedRAMP PMO frequently encounters questions from Agencies about how to gain access to a CSP’s...
Introducing the New Agency Authorization Playbook
The FedRAMP PMO is proud to release the [Agency Authorization Playbook](https://www.fedramp.gov/a...
Understanding Baselines and Impact Levels in Fe...
The FedRAMP PMO fields a number of questions about impact levels and the security categorization ...
Common Challenges with the Readiness Assessment...
Thank you to all our vendors who have participated in our FedRAMP Ready process by using the Read...
Why Become FedRAMP Ready?
When the FedRAMP PMO introduced FedRAMP Accelerated last year, it also introduced an evolution of...
FedRAMP Agency Authorization Process - Tips, Tr...
Continuing our efforts to enable transparency for Agencies and Cloud Service Providers (CSPs) ali...
New Third Party Assessment Organizations (3PAOs...
The FedRAMP PMO is pleased to announce the Third Party Assessment Organization (3PAO) Training Se...
FedRAMP Tailored Available for Use
We are excited to announce our release of the **_FedRAMP Tailored_** Baseline for Cloud Service P...
FedRAMP Acquisition FAQs
In an effort to help agencies continue to adopt secure cloud technologies, FedRAMP has been ident...
Finding an Initial Authorizing Agency
The Agency Authorization process is the most popular route for CSPs to take when working toward a...
How FedRAMP Supports Agencies
There are a number of ways the FedRAMP team works with Agencies at various stages of the authoriz...
FedRAMP Business Case Tips!
As the August 25th due date for the FedRAMP Business Case approaches, we have been receiving some...
Partnering for Success: CSPs and 3PAOs
Third Party Assessment Organizations (3PAOs) are hired by Cloud Service Providers (CSPs) to eithe...
Updated Welcome to FedRAMP Training Now Available
We’re excited to launch our newly revamped FedRAMP 100-A: Welcome to FedRAMP online training cour...
Make the Most of the FedRAMP Marketplace
Launched last August, the [FedRAMP Marketplace](https://marketplace.fedramp.gov/#/products?sort=p...
Updated Version of FedRAMP Tailored Available f...
We are excited to announce that the next iteration of the **_FedRAMP Tailored_** baseline is avai...
RFI on ATO Automation Tools Out for Industry Re...
In collaboration with the Office of American Innovation (OAI) and American Technology Council, GS...
CSP and 3PAO Roles and Responsibilities
We wanted to share some high-level guidance for CSPs and 3PAOs we created with the JAB teams to p...
FedRAMP Connect - The Latest Vendors Prioritize...
Over the past few months, we’ve been working to reframe how we prioritize vendors that work with ...
New FedRAMP Readiness Assessment Report for Hig...
We recently released version 1.0 of the [High Baseline Readiness Assessment Report (RAR) Template...
Onboarding New Services for JAB Provisionally A...
As FedRAMP continues to evolve and mature, the program and its stakeholders must balance the need...
Launching a FedRAMP Tailored Baseline
We are excited to announce that the FedRAMP _Tailored_ baseline is available for public comment. ...
3PAO Requirements Update
The Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organizati...
JAB or Agency: How Do I Get a FedRAMP ATO?
*“Should a CSP pursue JAB or agency authorization?”* That is probably one of the most common ques...
FedRAMP JAB Prioritization Criteria and Process
Over the past 6 months FedRAMP has been working to update the criteria by which the Joint Authori...
New Integrated Inventory Template
Today we released an updated and significantly different version of the [Inventory Template](ht...
HHS Cloud Security Day
Two weeks ago, Ashley Mahan and I had the pleasure of participating in the Health and Human Servi...
Timeliness of Testing for FedRAMP Accelerated
As we continue to work through FedRAMP Accelerated with the Joint Authorization Board (JAB), one ...
Follow Up on FedRAMP Costs
I wanted to take some time to respond to some of those questions and concerns that I received via...
Microsoft Dynamics CRM Online First in Pilot Pr...
Today I’m incredibly excited to announce that our first CSP crossed the FedRAMP Accelerated aut...
Tips on a FedRAMP Readiness Assessment
I recently held two mandatory webinars for our FedRAMP assessors (3PAOs) to go over our new [Read...
New FedRAMP Marketplace Dashboard
**We’re incredibly excited to announce the launch of the new [FedRAMP Marketplace dashboard](http...
FedRAMP Ready- The Next Step In Getting Vendors...
As part of the FedRAMP Accelerated process, GSA is releasing the [FedRAMP Readiness Assessment ...
Update to FedRAMP Templates
On Monday, June 27th FedRAMP will be releasing updates to our templates to add some “ease of use”...
FedRAMP PMO Newsletter, June 2016
High Baseline Release The Federal Risk and Authorization Management Program (FedRAMP) is excited...
High Baseline Release
The Federal Risk and Authorization Management Program (FedRAMP) is excited to release the FedRAMP...
Initial Readiness Assessment Report Feedback
On March 28, 2016 the FedRAMP Program Management Office (PMO) posted a draft of the FedRAMP Readi...
April 2016 FedRAMP PMO Newsletter
Initial Readiness Assessment Report Feedback On March 28, 2016, the FedRAMP Program Management O...
Project Hosts: A Small CSP Who Likes FedRAMP
Project Hosts is a small business cloud service provider (CSP) that submitted its FedRAMP paperwo...
March 2016 FedRAMP PMO Newsletter
FedRAMP Accelerated Please join FedRAMP on March 28th at GSA’s Headquarters in downtown Washingt...
#WheresAshley Update
FedRAMP’s Agency Evangelist, Ashley Mahan, has been very busy over the past month speaking to Age...
FedRAMP Unveils New Video Training Course
The FedRAMP PMO has added two new training courses to our library, including the first video trai...
February 2016 FedRAMP PMO Newsletter
Reader Submission: Case for using FedRAMP Early in my federal security experience, I supported a...
Updated Frequently Asked Questions
The FedRAMP PMO has added eight additional Frequently Asked Questions (FAQs) to the FedRAMP.gov w...