FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.[1] In 2011, the Office of Management and Budget (OMB) released a memorandum establishing FedRAMP "to provide a cost-effective, risk-based approach for the adoption and use of cloud services to Executive departments and agencies."[2] The General Services Administration (GSA) established the FedRAMP Program Management Office (PMO) in June 2012.FedRAMP is governed by different Executive Branch entities that collaborate to develop, manage, and operate the program.The FedRAMP Policy Memo requires federal agencies to use FedRAMP when assessing, authorizing, and continuously monitoring cloud services in order to aid agencies in the authorization process as well as save government resources and eliminate duplicative efforts.
United States federal governmentsecurity assessmentOffice of Management and BudgetGeneral Services AdministrationFederal Information Security Management Act of 2002Infrastructure as a ServicePlatform as a ServiceSoftware as a ServiceExecutive BranchDepartment of Homeland SecurityDepartment of DefenseNational Institute of Standards and TechnologyFederal Chief Information Officers (CIO)NIST SP 800-53 (as revised)Cloud computing issues