FEDRamp - The Federal Risk and Authorization Management Program

In 2012, FEDRamp began providing guidance to government and corporate organizations offering a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.


The core objectives are to reduce duplicity and increase efficiencies associated with security authorization processes and to reduce associated cost inefficiencies.


During development, creators collaborated closely with several cloud security and industry experts both within the public, private and government industry sectors. This includes government entities such as GSA, NIST, DHS, DOD, NSA, OMB – and the Federal CIO Council, and numerous other key cloud and infrastructure professionals.


There are three ways to be associated with the FedRAMP program:


Be a Federal Agency which utilizes FedRAMP
Be a Cloud Service Provider which becomes FedRAMP Security Authorized
Be a Third-Party Assessment Organization (3PAO) for the FedRAMP Accredited Assessor Program.

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.