Browse Definitions :

Essential Guide

Browse Sections

BACKGROUND IMAGE: iSTOCK/GETTY IMAGES

This content is part of the Essential Guide: Breaking down what's in your cloud SLA
Definition

FedRAMP (Federal Risk and Authorization Management Program)

The Federal Risk and Authorization Management Program (FedRAMP) is a risk management program that provides a standardized approach for assessing and monitoring the security of cloud products and services.

FedRAMP was created to support the government’s cloud computing plan.The program is intended to facilitate the adoption of cloud computing services among federal agencies by providing cloud service providers (CSPs) with a single accreditation that could be used by all agencies. The goal of FedRAMP is to reduce the time and money that individual agencies would otherwise have to spend on assessing a cloud provider's security. Certifications are based on a unified risk management process that includes security requirements agreed upon by the federal departments and agencies.

Although the FedRAMP certification process is quite intensive, qualified CSPs are eligible to work with government agencies, and non-government customers may be more confident in a certified CSP’s approach to security.

See also: FedRAMP 3PAO, Federal Cloud Computing Initiative,  FISMA, NIST 800 Series

This was last updated in May 2014

Continue Reading About FedRAMP (Federal Risk and Authorization Management Program)

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

I really like your whatis word of the day articles. Please remember you have an international audience. This is prompted by today's article on FedRAMP. While not a serious leap of imagination was required, I had to make my own assumption that you were talking about the US government when you say 'the government'. It's not that hard to internationalise the articles, I think. Just a thought.
Cancel
The callout you use for FedRAMP is wrong: it is actually Federal Risk and Authorization Management Program. The management aspect is a key function.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • Malwarebytes software

    Malwarebytes is a cross-platform anti-malware program that detects and removes malware and other rogue software.

  • Transport Layer Security (TLS)

    Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating ...

  • van Eck phreaking

    Van Eck phreaking is a form of electronic eavesdropping that reverse engineers the electromagnetic fields (EM fields) produced by...

SearchHealthIT

SearchDisasterRecovery

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

  • business continuity policy

    Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk ...

SearchStorage

  • solid-state storage

    Solid-state storage (SSS) is a type of computer storage media made from silicon microchips. SSS stores data electronically ...

  • persistent storage

    Persistent storage is any data storage device that retains data after power to that device is shut off. It is also sometimes ...

  • computational storage

    Computational storage is an information technology (IT) architecture in which data is processed at the storage device level to ...

Close