Understanding FedRAMP Compliance
The Federal Risk and Authorization Management Program (FedRAMP) is set up by the U.S. federal government to ensure cloud products and services are secure enough for use by federal agencies. Getting the FedRAMP seal of approval can be very rewarding to your company because it shows both federal agencies and non-government customers that you take security seriously. FedRAMP helps to manage risk and was created to support the federal Cloud First policy from 2011. This policy was elemental for moving a vast amount of the government’s IT infrastructure to the cloud and helped determine whether the federal agencies security requirements for cloud services would fulfill the high security standards.
According to FedRamp.gov, the following describes the FedRAMP program goals and benefits:
- Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
- Increase confidence in security of cloud solutions
- Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP
- Ensure consistent application of existing security practices
- Increase automation and near real-time data for continuous monitoring
- Increases re-use of existing security assessments across agencies
- Saves significant cost, time and resources – "do once, use many times"
- Improves real-time security visibility
- Provides a uniform approach to risk-based management
- Enhances transparency between government and cloud service providers (CSPs)
- Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process