Carahsoft is pleased to deliver best-of-breed hardware, software, and support solutions demanded by today's public sector marketplace.
Federal Risk and Authorization Management Program, or FedRAMP, is a
government-wide program that provides a standardized approach to security
assessment, authorization, and continuous monitoring for cloud products and
services. The Federal Government has adopted a cloud-first approach and
requires that 100% of cloud consumer by the Federal Government must be FedRAMP
authorized. This is to ensure protection of US citizen data in the cloud
through a rigorous security compliance framework.
Cloud Service Providers (CSPs) offering low or moderate impact cloud services to federal agencies must meet FedRAMP requirements. The cloud systems listed below have taken one of three paths to become FedRAMP compliant:), , or
Government agencies and organizations should select a cloud offering or service that is FedRAMP certified as the CSP has proven that their solution has been vetted to meet the NIST 800-53 Control Framework, reducing the impact of security threats for agencies and making the solution/service easily translatable to meet other security standards.
Carahsoft offers FedRAMP solutions for four different security baselines: High (421 controls), Moderate (325 Controls), Low (125 Controls) and LI SAAS (38 controls). Carahsoft also offers FedRAMP solutions for three different stages of compliance[LD2] :
These cloud systems have security packages reflecting the completion of the FedRAMP Security Assessment Framework[LD3] . A CSP who has achieved an “Authorized” designation is listed on FedRAMP’s
FedRAMP In Process
These cloud systems are actively working with the government through the FedRAMP Security Assessment Framework. This designation indicates the CSP is actively working on the documentation for become authorized and is working with an agency that is reviewing that documentation with the intent to provide an ATO that meets FedRAMP requirements. A CSP who has achieved an “In Process” designation is listed on FedRAMP’s
These systems are ready to begin the FedRAMP Security Assessment Framework and include cloud systems and open source builds. This compliance indicates that a Third Party Assessment Organization (3PAO) attests to a cloud service’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO. This designation is also required for any cloud service to enter the Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) process.