Optiv Cybersecurity Dictionary

What is FEDRamp - The Federal Risk and Authorization Management Program?

In 2012, FEDRamp began providing guidance to government and corporate organizations, offering a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.


Its core objectives are to reduce duplicity and increase efficiencies associated with security authorization processes, and to reduce associated cost inefficiencies.


During development, creators collaborated closely with several cloud security and industry experts within the public, private and government industry sectors. This includes government entities such as GSA, NIST, DHS, DOD, NSA, OMB, the Federal CIO Council and numerous other key cloud and infrastructure professionals.


There are three ways to be associated with the FedRAMP program:


  • Be a federal agency that utilizes FedRAMP
  • Be a cloud service provider that becomes FedRAMP Security Authorized
  • Be a Third-Party Assessment Organization (3PAO) for the FedRAMP Accredited Assessor Program

Contact Us