FedRAMP Solutions

Back to Top

 

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Cloud Service Providers (CSPs) offering low or moderate impact cloud services to federal agencies must meet FedRAMP requirements.

 

Carahsoft offers FedRAMP solutions for two different stages of compliancy. The first solution is compliant, where the cloud system has demonstrated FedRAMP compliance and can be leveraged by any agency. The second solution is In Process, where the cloud system is actively working with the government through the FedRAMP Security Assessment Framework (SAF).











  • Infrastructure-as-a-Service (13)
  • Platform-as-a-Service (19)
  • System-as-a-Service (93)
  • DoD Impact Level (83)

All FedRAMP Vendors

What is FedRAMP Compliance

What is FedRAMP Compliance?

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The Federal Government adopted the Cloud First Policy, which requires all cloud service providers that hold federal data must be FedRAMP certified. FedRAMP compliance enables federal agencies to:

  • Rapidly adopt secure cloud services through reuse of assessments and authorizations
  • Assure the confidence in the security of cloud solutions
  • Maintain consistent security certification standards for cloud products and services
  • Preserve transparency between the federal government and cloud service providers

How to become FedRAMP Certified

How to become FedRAMP certified?

Cloud Service Providers (CSPs) that hold federal data must meet FedRAMP requirements. The cloud solutions listed below have taken one of three paths to become FedRAMP certified: JABProvisional Authorization (P-ATO), Agency Authorization, or FedRAMP Ready Certification.

Government agencies and organizations should select a cloud service offering that is FedRAMP certified as it meets the NIST 800-53 Control Framework. This reduces the impact of security threats for agencies and making the solution/service easily translatable to achieve other security standards.

Carahsoft offers FedRAMP solutions for four different security baselines: High (421 controls), Moderate (325 Controls), Low (125 Controls) and LI SAAS (38 controls). Carahsoft also offers FedRAMP solutions for three different stages of compliance:


FedRAMP Authorized

These cloud systems have security packages reflecting the completion of the FedRAMP Security Assessment Framework. A CSP who has achieved an “Authorized” designation is listed on FedRAMP’s Marketplace.


FedRAMP In Process

These cloud systems are actively working with the government through the FedRAMP Security Assessment Framework. This designation indicates the CSP is actively working on the documentation for become certified and is working with an agency that is reviewing that documentation with the intent to provide an ATO that meets FedRAMP requirements. A CSP who has achieved an “In Process” designation is listed on FedRAMP’s Marketplace.


FedRAMP Ready

These systems are ready to begin the FedRAMP Security Assessment Framework and include cloud systems and open source builds. This compliance indicates that a Third Party Assessment Organization (3PAO) attests to a cloud service’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO. This designation is also required for any cloud service to enter the Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) process.


Education

MilCloud_FNN_thumbnail.jpg
Eric McGrane, GDIT's Growth Leader of the Defense Enterprise Services Sector, explains how SaaS can eliminate data transaction fees.
August_Issue_2_Full_Report_Thumbnail.jpg
Cloud technology has become indispensable for mission success in all areas, which underscores the need for innovative, comprehensive approaches to multi-cloud management.
August_Issue_2_Intro_Article_Thumbnail.jpg
To make the most of the technology, agencies must become more strategic about developing, monitoring and evolving their multi-cloud ecosystems.


Community Trends Blog



Events

Webcast
Zoom_Blue_Logo.png_.png
FEDRAMP EVENT
Carahsoft December 14, 2021
Carahsoft 11:00 AM ET
>

Webcast
DocuSign-microsite.png
FEDRAMP EVENT
Hosted By: Carahsoft
Carahsoft November 30, 2021
Carahsoft 2:00 PM ET
>


Resources


News

Black-logo.png
FEDRAMP NEWS
Carahsoft June 28, 2021

MongoDB Atlas for Government achieves FedRAMP Ready Status. This new offering provides the simplest way to deploy, operate, and scale the database for modern applications, all in a FedRAMP Ready environment that helps customers meet the most demanding data security and privacy standards.


>

trend-micro-logo.png
FEDRAMP NEWS
Carahsoft April 14, 2021

Trend Micro Incorporated, the leader in cloud security, now offers two new FedRAMP authorized cloud security services running on AWS GovCloud.


>