• The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
  • Entities involve in FedRAMP
    • U.S. General Services Administration (GSA) is the FedRAMP leading agency
    • FedRAMP Program Management Office (PMO): Housed within GSA and responsible for operational management
    • Joint Authorization Board (JAB): Same responsibility as an authorization Official in FISMA.JAB made up of CIO from DHS, GSA, the Department of Defenseal CIO Council
    • Cloud Service Providers (CSPs): Microsoft, Amazon, etc.
    • Third Party Assessors(3PAO): SecureIT, SRA International, etc.
    • Agency: As a primary actor in the FedRAMP process, agencies engage with CSPs, 3PAOs, and the FedRAMP PMO-NIH, DoD
  • Cloud system can only be categorized as Moderate or Low
  • All the templates are provided on the main FedRAMP page (SSP, FIPS199, SAR, SAP, POAM, etc.)

error: Content is protected !!