Browse Definitions :

Essential Guide

Browse Sections

BACKGROUND IMAGE: iSTOCK/GETTY IMAGES

This content is part of the Essential Guide: Breaking down what's in your cloud SLA
Definition

FedRAMP (Federal Risk and Authorization Management Program)

The Federal Risk and Authorization Management Program (FedRAMP) is a risk management program that provides a standardized approach for assessing and monitoring the security of cloud products and services.

FedRAMP was created to support the government’s cloud computing plan.The program is intended to facilitate the adoption of cloud computing services among federal agencies by providing cloud service providers (CSPs) with a single accreditation that could be used by all agencies. The goal of FedRAMP is to reduce the time and money that individual agencies would otherwise have to spend on assessing a cloud provider's security. Certifications are based on a unified risk management process that includes security requirements agreed upon by the federal departments and agencies.

Although the FedRAMP certification process is quite intensive, qualified CSPs are eligible to work with government agencies, and non-government customers may be more confident in a certified CSP’s approach to security.

See also: FedRAMP 3PAO, Federal Cloud Computing Initiative,  FISMA, NIST 800 Series

This was last updated in May 2014

Continue Reading About FedRAMP (Federal Risk and Authorization Management Program)

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

I really like your whatis word of the day articles. Please remember you have an international audience. This is prompted by today's article on FedRAMP. While not a serious leap of imagination was required, I had to make my own assumption that you were talking about the US government when you say 'the government'. It's not that hard to internationalise the articles, I think. Just a thought.
Cancel
The callout you use for FedRAMP is wrong: it is actually Federal Risk and Authorization Management Program. The management aspect is a key function.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • encryption

    Encryption is the method by which information is converted into secret code that hides the information's true meaning. The ...

  • cybersecurity

    Cybersecurity is the protection of internet-connected systems -- including hardware, software and data -- from cyberattacks.

  • computer worm

    A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close