Cloud Computing

The Right Steps to Building a FedRAMP Agency


The Federal Risk and Authorization Management Program, or FedRAMP, is a federal government-wide program that offers a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program is designed to build confidence among government users to encourage increased and widespread cloud use. FedRAMP aims to demonstrate that adopting the cloud not only makes sense financially and operationally, but can be done securely. For the first several years of introduction (and encouragement) of cloud into the federal government, the biggest roadblock was the perception that giving up itemized control of systems meant weakened security and greater vulnerability. FedRAMP offers a way for agencies and their leaders to feel assured that cloud solutions can stand up to the same, if not higher, standards than in-house deployments.

Today, FedRAMP is still a work in process. Vendors and their products are continuously going through the compliance process, meeting with Joint Authorization Boards (JAB) or an Authorization Agency to reach the strict levels of cybersecurity that FedRAMP demands. The FedRAMP assessment process starts with agencies or Cloud Service Providers (CSPs) aligning FedRAMP requirements with their service offerings or needs. CSPs must implement the FedRAMP security requirements on their environment and hire a FedRAMP-approved third party assessment organization (3PAO) to perform an independent review. The 3PAO report audits the cloud system and provides a security assessment package for JAB analysis. The FedRAMP JAB or Authorization Agency then reviews the security analysis package based on a prioritized approach and then may grant a provisional authorization to the product or service offering. Federal agencies can leverage CSP authorization packages for review when granting an agency Authority to Operate (ATO), saving all parties time and money.

At Carahsoft, our team is proud to offer a wide range of FedRAMP compliant systems. With the help of our vendor partners, government agencies can confidently move nearly every facet of their business operations into the cloud, allowing for cost savings, modernized architectures, and flexibility.

We are pleased to offer the following FedRAMP compliant systems to public sector customers:

For more information about the FedRAMP program or our FedRAMP-complaint and soon-to-be compliant partners, click here.

Related Articles