What is FedRAMP Compliance?
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government regulation that dictates a standardized approach for security assessment, authorization, and continuous monitoring of cloud products and services offered by cloud service providers (CSPs).
FedRAMP was introduced in 2011 as a memorandum to government agency CIOs to improve the state of information technology systems within the federal government. It encourages agencies to explore cloud computing options before they allocate financial resources to new infrastructure.
Prior to FedRAMP, every federal agency managed its own security assessments based on guidance provided by the Federal Information Security Management Act (FISMA). That resulted in a scattershot, undisciplined approach to assessing the security of CSPs.
FedRAMP affects both federal agencies, such as the Department of Defense (DoD) and the Department of Homeland Security (DHS), and CSPs. FedRAMP authorization seeks to determine whether CSPs meet the appropriate federal cloud security guidelines.
To qualify, CSPs must be audited by a third-party assessment organization (3PAO) to confirm whether they are FedRAMP-compliant.