Federal Risk and Authorization Management Program


Federal Risk and Authorization Management Program (FedRAMP) is an assessment and authorization process which United States Federal Agencies have been directed by the Office of Management and Budget to ensure security is in place when accessing cloud computing products and services.

The OMB identified cybersecurity as one of 14 Cross-Agency Priority (CAP) Goals established in accordance with the Government Performance and Results Modernization Act of 2010.

The second Chief Information Officer of the United States, Steven VanRoekel, issued a memorandum to the federal agency Chief Information Officers on December 8, 2011, defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in Cloud computing environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Authorization Board (JAB) consisting of Chief Information Officers from DoD, DHS, and GSA.

More Information#

There might be more information for this subject on one of the following: