“The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a ‘do once, use many times’ framework…” FedRAMP offers significant cost savings for US Federal Government agencies when using and securing of cloud services, and supports the compliance requirements in the Federal Information Security Management Act (FISMA).

  • The Low/Moderate baselines are appropriate for systems with public or sensitive information, where a breach or loss of availability would have a limited, non-catastrophic impact.
  • The High baseline is appropriate for systems with highly sensitive information, where a breach or loss of availability would have a severe and/or catastrophic impact.