FedRAMP Government Certified Cloud Providers

Back to Top

 

Government agencies require secure, modern cloud solutions to achieve mission success. The Federal Risk and Authorization Management Program (FedRAMP) evaluates the security capabilities of cloud service providers to ensure unclassified Federal information is protected.

 

FedRAMP is a Government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. Carahsoft helps Federal agencies identify and acquire secure solutions from our portfolio of FedRAMP certified cloud service providers (CSPs).











Gov FedRAMP Headliner Summit


Carahsoft's FedRAMP Vendor Portfolio

Carahsoft offers FedRAMP cloud service offerings (CSOs) for three compliance designations and three impact levels. Impact levels are determined by the security risk posed by a CSO compromising the confidentiality, integrity and availability of critical agency information.

FedRAMP_StateRAMP_Icons_Authorized.svgFedRAMP Authorized: A designation assigned to CSOs that have completed the FedRAMP authorization process through either a federal agency or the Joint Authorization Board (JAB)

FedRAMP_StateRAMP_Icons_In Process.svgFedRAMP In Process: A CSO that is working towards a FedRAMP authorization through either a federal agency or the Joint Authorization Board (JAB). Once a CSO becomes In Process, they are listed on the FedRAMP Marketplace.

FedRAMP_StateRAMP_Icons_Ready.svgFedRAMP Ready: A CSO following a Third-Party Assessment Organization (3PAO)’s attestation of security capabilities and a FedRAMP PMO approval of a Readiness Assessment Report (RAR).

FedRAMP_StateRAMP_Icons_High.svg High Impact Level: A security breach could result in severe or catastrophic negative effects on the agency or individuals. Typically appropriate for law enforcement, emergency services, military, financial or health systems.

FedRAMP_StateRAMP_Icons_Moderate.svg Moderate Impact Level: A security breach could cause significant adverse effects, including financial harm to the agency or individuals.

FedRAMP_StateRAMP_Icons_Low.svg Low Impact Level and LI-SaaS: A security breach could cause limited negative impact on an agency. Low Impact SaaS (LI-SaaS) is reserved for SaaS applications that do not store Personal Identifiable Information (PII).

 

Discover Carahsoft’s partner marketplace for FedRAMP certified cloud solutions.

  • All FedRAMP Vendors
  • Infrastructure-as-a-Service
  • Platform-as-a-Service
  • Software-as-a-Service

All FedRAMP Vendors

Click into the CSPs in Carahsoft’s marketplace of FedRAMP vendors to discover how each CSO supports mission success for the Federal government. Each description includes the compliance designation and impact level of the solution.



Related Programs and FedRAMP Certification Requirements

In addition to our marketplace of FedRAMP designated vendors, Carahsoft has put together a portfolio of solutions from our vendor partners for programs such as DoD CC SRG and StateRAMP. Utilizing our extensive industry expertise, Carahsoft also helps our vendor partners ensure their solutions are compliant with FedRAMP regulations. Explore the pages below to learn more about Carahsoft’s FedRAMP resources. 

FedRAMP is the Basis for DoD IL

 

For the Department of Defense (DoD) to leverage cloud service offerings they must follow the DoD Cloud Computing Security Requirements Guide (DoD CC SRG) set by the Defense Information Systems Agency (DISA). Carahsoft can help Defense agencies find DoD authorized Cloud Service Offerings (CSOs).

Carahsoft’s Portfolio of StateRAMP Authorized Solutions

 

FedRAMP’s success at the Federal level exposed the need for a similar program that could be utilized by state and local agencies. StateRAMP was created to allow state and local government to benefit from FedRAMP’s approach for standardizing cybersecurity requirements for IT solutions and enabling reauthorizations of security packages.

What is FedRAMP Compliance?

 

The FedRAMP Authorization Act, signed in December 2022 as part of the FY23 National Defense Authorization Act (NDAA), codifies the FedRAMP program as the authoritative security assessment and authorization baseline for cloud service offerings that process unclassified federal data. FedRAMP Compliance enables agencies to:

  • Reuse assessments and authorizations to rapidly adopt cloud services
  • Assure confidence in the security of cloud solutions
  • Maintain consistent security certification standards for cloud solutions
  • Preserve transparency between the federal government and CSP’s

How can my CSO become FedRAMP certified?

 

To work with the federal government, cloud service providers must achieve FedRAMP authorization for each cloud service offering. This ensures agencies maintain a high level of data protection that is standardized across the federal government. Federal officials look to the FedRAMP marketplace as the most reliable source when securing new cloud solutions. Learn how Carahsoft helps CSPs become FedRAMP authorized and build their federal customer base.


Upcoming FedRAMP Events

Event
GEN_transparent-80px.png
FEDRAMP EVENT
Hosted By: Genesys & Carahsoft
Carahsoft April 18, 2024
Carahsoft 9:00 AM ET
>

Email Campaigns
Netskope_logo_web80.png
FEDRAMP EVENT
Hosted By: Netskope & Carahsoft
Carahsoft March 05, 2024
Carahsoft 12:00 PM ET
>


Education: Learn More About FedRAMP

FCW_August_full_report_thumbnail.jpg
Groundbreaking tools and techniques are becoming more sophisticated and innovative at a time when government needs them to tackle a wide array of challenges.


FedRAMP Community Blog Trends



Resources


Latest FedRAMP News

Primary_Logo_RGB_TM-1_black.png
FEDRAMP NEWS
Carahsoft November 20, 2023

Socure is excited to announce that our Socure ID+ Platform has achieved FedRAMP Moderate In-Process Status.


>

Tanium-Public_Sector-Full_color.png
FEDRAMP NEWS
Carahsoft November 14, 2023

Tanium has received FedRAMP authorization for Tanium Cloud for U.S. Government (TC-USG), marking a significant step in supporting federal cybersecurity initiatives. Accredited at the Moderate Impact Level, TC-USG provides a fully managed, cloud-based service of Tanium's Converged Endpoint Management (XEM) platform. This authorization strengthens security postures, aligns with the Cloud-First Initiative, and offers federal agencies a streamlined solution for endpoint management, risk mitigation, and incident response.


>