The Federal Risk and Authorization Management Program, or FedRAMP, is a U.S. federal government cloud risk and security standard.
FedRAMP is the toughest compliance standard to achieve and maintain. It is both technical and controls-driven, and it requires the solution or services to be compliant 365 days a year; more importantly, the organisation needs to be able to prove it.
It does offer commercial organisations the opportunity to enter into significant contracts with US Federal Agencies, and it is not restricted to US companies; I am currently dealing with clients from almost a dozen different countries.
- NIST 800-53 v5, upon which FedRAMP is based.
- FedRAMP Frequently Asked Questions
- FedRAMP Security Assessment Framework
- FedRAMP Authorization Boundary Guidance
- FedRAMP Deployment Models and CSP Authorization Playbook
- Make the Most of the FedRAMP Marketplace
- Securing Your Cloud Solutions for Government Adoption
- FedRAMP – 8 years in and 100 assessments achieved
- The Trusted Internet Connection pilots will help flesh out roles and responsibilities for safely navigating government cloud programs, according to the TIC program manager