Federal Risk and Authorization Program (FedRAMP)

Part of the Government IT glossary:

The Federal Risk and Authorization Program (FedRAMP) is a risk management program for large outsourced and multi-agency information systems used by the U.S. government.  FedRAMP authorizes and continuously monitors IT services that are used by multiple federal departments and agencies.

FedRAMP was created to support the government’s cloud computing plan. It is intended to facilitate the adoption of cloud computing services amongst federal agencies by evaluating those services offered by vendors on behalf of the agencies. The evaluations will be based on a unified risk management process that includes security requirements agreed upon by the federal departments and agencies.  Because the services are vetted by FedRAMP, each agency does not need to conduct its own risk management program. This reduces duplication of effort, the time involved in acquiring services and costs. However, agencies are still encouraged to evaluate services further based on their own use, and privacy and security requirements. The plan is to eventually expand FedRAMP beyond cloud services.

Vendors cannot directly request FedRAMP authorization. In order to be evaluated, an agency must sponsor the vendor’s system/service and submit it to FedRAMP for review by a joint authorization board. In the case of cloud services, the joint authorization board consists of senior executives and technical staff members from the Defense and Homeland Security departments, the General Services Administration and the sponsoring agency.

While FedRAMP is intended to be a government-wide initiative, agencies’ involvement is voluntary.

Learn more about FedRAMP:

Tim Mather explains how FedRAMP fits in with other cloud governance initiatives

This was last updated in July 2010
Posted by: Margaret Rouse

Related Terms



  • Government IT

    - Terms related to government IT, including definitions about specific federal, state and local government programs as well as words and phrases about policy and compliance.

  • Internet applications

    - This glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About Federal Risk and Authorization Program (FedRAMP)Powered by

Get answers from your peers on your most technical challenges

Tech TalkComment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.