GovLoop Guide: Making the Most of FedRAMP

Guide cover

Government agencies have been talking about the cloud for more than a decade. With mandates from the White House like the Cloud First Policy enacted by the Obama administration in 2010 and, more recently, an updated approach to modernization as part of the 2018 Modernizing Government Technology (MGT) Act, as well as the shift to “Cloud Smart,” the cloud has been a top-of-mind issue for agencies at all levels.

Security, however, was always the key sticking point for many agencies hesitant to move their systems into the cloud. Is the cloud secure? How can you fully capitalize on the cloud and ensure security to advance your agency’s mission while respecting compliance and security.

In order to assuage fears and set standards for cloud security, the government created the Federal Risk and Authorization Management Program (FedRAMP). Launched in 2012, FedRAMP has played a key role in the adoption of cloud by establishing a common baseline for securing cloud products and services.

And agencies at all levels of government see the value in using standards to improve cloud security. Although FedRAMP is a mandatory federal program, there is a growing number of state and local governments using the same requirements to evaluate their cloud service providers (CSPs). The benefits include time and cost savings when verifying security practices at those companies, as well as a level of assurance that vendors have met rigorous security requirements.

In this guide, brought to you by GovLoop, Carahsoft and partner companies, we look at the current state of cloud in government, more specifically, the state of cloud security, the role of FedRAMP and how agencies can move forward with digital and modernization efforts securely.

Downward arrows