- The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
- Entities involved in FedRAMP:
  - U.S. General Services Administration (GSA): the lead agency for FedRAMP
  - FedRAMP Program Management Office (PMO): housed within GSA and responsible for operational management
  - Joint Authorization Board (JAB): same responsibility as an Authorizing Official in FISMA. The JAB is made up of the CIOs from DHS, GSA, the Department of Defenseal CIO Council
  - Cloud Service Providers (CSPs): Microsoft, Amazon, etc.
  - Third Party Assessors (3PAOs): SecureIT, SRA International, etc.
  - Agency: as a primary actor in the FedRAMP process, agencies engage with CSPs, 3PAOs, and the FedRAMP PMO - NIH, DoD
- Cloud systems can only be categorized as Moderate or Low
- All the templates are provided on the main FedRAMP page (SSP, FIPS199, SAR, SAP, POAM, etc.)