Federal Risk and Authorization Management Program (FedRAMP)

What is the Federal Risk and Authorization Management Program (FedRAMP)?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Cloud solution providers interested in selling to federal government agencies will go through the FedRAMP certification process.

Are you subject to GLBA compliance?

If you are a cloud solution provider (CSP) interested in selling to federal government agencies, you will go through the FedRAMP certification process.

The Cloud First Policy requires all federal agencies to use the FedRAMP process to conduct security assessments, authorizations, and continuous monitoring of cloud services. The FedRAMP Program Management Office (PMO) has outlined the following requirements for FedRAMP compliance:

What are the requirements for FedRAMP Compliance?

  • The CSP has been granted an Agency Authority to Operate (ATO) by a US federal agency, or a Provisional Authority to Operate (P-ATO) by the Joint Authorization Board (JAB).
  • The CSP meets the FedRAMP security control requirements as described in the NIST 800-53, Rev. 4 security control baseline for moderate or high impact levels.
  • All system security packages must use the required FedRAMP templates.
  • The CSP must be assessed by a third-party assessment organization (3PAO).
  • The completed security assessment package must be posted in the FedRAMP secure repository.

How can I meet the FedRAMP requirement?

  • Document: Documenting the implementation of the security controls and preparing for a FedRAMP ATO is a crucial step in the process.
  • Assess: A third-party assessment organization (3PAO) will develop a security assessment plan (SAP), which outlines the testing approach for the cloud service offering (CSO).
  • Authorize: The federal agency will review and approve it.
  • Continuous Monitoring: The third-party assessment organization ensures that the controls assessed continue to operate effectively.


About the Author: Jenny Jo

Jenny Jo is the president and co-founder of MJJT Consultants. Ms. Jo is a Software Engineer, a Cyber Security Auditor, and an IT Project Manager. She is also a Certified Information Security Manager (CISM), which certifies her to audit information systems, as well as design, build, and manage businesses' information security programs.