FedRAMP, the Federal Risk and Authorization Management Program, is a United States Government program that standardizes how the Federal Information Security Management Act (FISMA) is applied when cloud computing services are used.
FedRAMP provides a definitive approach to security assessment, authorization, and continuous monitoring of cloud-based services. FedRAMP reduces the cost of FISMA compliance by employing a “do once and use several times” approach, and it allows Government entities to secure Government information and detect cyber security vulnerabilities at unprecedented speeds.
FedRAMP was developed in association with NIST, GSA, DOD, and DHS. Other Government agencies, operating teams, and business specialists provided input to its development. Once Authorizing Officers (AOs) incorporate the FedRAMP Security Assessment Framework (SAF) into their internal security authorization processes, doing so guarantees that they meet the FedRAMP requirements for the cloud services they use.
The Office of Management and Budget (OMB) released a plan to restructure federal IT initiatives on December 9, 2010. This plan sets out the “Cloud First” policy, which requires US Federal agencies to use cloud solutions whenever a secure, reliable, cost-effective cloud option exists. On February 8, 2011, OMB published the Federal Cloud Computing Strategy to give agencies a defined strategy and pathway for effectively migrating services to the cloud. On December 8, 2011, OMB published the Security Authorization of Information Systems in Cloud Computing Environments, also known as the FedRAMP Policy Memo, which requires all Federal agencies to meet the FedRAMP requirements for all agency use of cloud services.
The FedRAMP approach uses a framework that reduces the cost, time, and staff that redundant agency security assessments would otherwise require.
The purpose of FedRAMP is to:
• Ensure cloud systems used by Government agencies have adequate safeguards
• Eliminate duplication of effort and reduce risk management costs
• Make Government procurement of information systems and services rapid and cost-effective
GOVERNANCE AND STAKEHOLDERS
FedRAMP stakeholders are the entities that have a vested interest in the implementation and operation of FedRAMP. The stakeholder responsibilities outlined in the FedRAMP Policy Memo are delineated in the Joint Authorization Board (JAB) Charter.