FedRAMP Government Certified Cloud Providers

Back to Top


The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Cloud Service Providers (CSPs) offering low or moderate impact cloud services to federal agencies must meet FedRAMP requirements.


Carahsoft offers FedRAMP solutions for two different stages of compliancy. The first solution is compliant, where the cloud system has demonstrated FedRAMP compliance and can be leveraged by any agency. The second solution is In Process, where the cloud system is actively working with the government through the FedRAMP Security Assessment Framework (SAF).

  • Infrastructure-as-a-Service (13)
  • Platform-as-a-Service (19)
  • Software-as-a-Service (93)
  • DoD Impact Level Offerings (83)

All FedRAMP Vendors

FedRAMP Compliance

What is FedRAMP Compliance?

The Federal Government adopted the Cloud First Policy, which requires all cloud service providers that hold federal data to be FedRAMP approved. FedRAMP compliance enables federal agencies to:

  • Rapidly adopt secure cloud services through reuse of assessments and authorizations
  • Assure the confidence in the security of cloud solutions
  • Maintain consistent security certification standards for cloud products and services
  • Preserve transparency between the federal government and cloud service providers

FedRAMP Certification

How to become FedRAMP certified?

Cloud Service Providers (CSPs) that hold federal data must meet FedRAMP requirements. The cloud solutions listed above have taken one of three paths to become certified: JABProvisional Authorization (P-ATO), Agency Authorization, or FedRAMP Ready Certification.

Government agencies and organizations should select a cloud service offering that is FedRAMP authorized as it meets the NIST 800-53 Control Framework. This reduces the impact of security threats for agencies and makes the solution/service easily translatable to achieve other security standards.

Carahsoft offers FedRAMP solutions for four different security baselines: High (421 controls), Moderate (325 Controls), Low (125 Controls) and LI SAAS (38 controls). Carahsoft also offers FedRAMP solutions for three different stages of compliance:

FedRAMP Authorized

These cloud systems have security packages reflecting the completion of the FedRAMP Security Assessment Framework. A CSP who has achieved an “Authorized” designation is listed on FedRAMP’s Marketplace.

FedRAMP In Process

These cloud systems are actively working with the government through the FedRAMP Security Assessment Framework. This designation indicates the CSP is actively working on the documentation for become certified and is working with an agency that is reviewing that documentation with the intent to provide an ATO that meets FedRAMP requirements. A CSP who has achieved an “In Process” designation is listed on FedRAMP’s Marketplace.

FedRAMP Ready

These systems are ready to begin the FedRAMP Security Assessment Framework and include cloud systems and open source builds. This compliance indicates that a Third Party Assessment Organization (3PAO) attests to a cloud service’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO. This designation is also required for any cloud service to enter the Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) process.


Clara Conti, Vice President and General Manager for Public Sector in North America for Red Hat, explores how new technologies like containerization, microservices and the service mesh can help Federal agencies attain greater flexibility.
This ebook examines how potential outcomes drive cloud strategies in a post-pandemic world. Featuring insights from government agencies, including: USDA, Commerce, and State; GAO and DHS; DIU and DISA; NGA; and the U.S. Army.
Eric McGrane, GDIT's Growth Leader of the Defense Enterprise Services Sector, explains how SaaS can eliminate data transaction fees.

Community Trends Blog


Hosted By: Microsoft Azure, Schellman, Anitian & Carahsoft
Carahsoft May 18, 2022
Carahsoft 12:00 PM ET

Hosted By: Adobe & Carahsoft
Carahsoft May 24, 2022
Carahsoft 1:00 PM ET
Carahsoft   CPE Eligible



Carahsoft June 28, 2021

MongoDB Atlas for Government achieves FedRAMP Ready Status. This new offering provides the simplest way to deploy, operate, and scale the database for modern applications, all in a FedRAMP Ready environment that helps customers meet the most demanding data security and privacy standards.


Carahsoft April 14, 2021

Trend Micro Incorporated, the leader in cloud security, now offers two new FedRAMP authorized cloud security services running on AWS GovCloud.