The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Cloud Service Providers (CSPs) offering low or moderate impact cloud services to federal agencies must meet FedRAMP requirements.
Carahsoft offers FedRAMP solutions for two different stages of compliancy. The first solution is compliant, where the cloud system has demonstrated FedRAMP compliance and can be leveraged by any agency. The second solution is In Process, where the cloud system is actively working with the government through the FedRAMP Security Assessment Framework (SAF).
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The Federal Government adopted the Cloud First Policy, which requires all cloud service providers that hold federal data must be FedRAMP certified. FedRAMP compliance enables federal agencies to:
Cloud Service Providers (CSPs) that hold federal data must meet FedRAMP requirements. The cloud solutions listed below have taken one of three paths to become FedRAMP certified: JABProvisional Authorization (P-ATO), Agency Authorization, or FedRAMP Ready Certification.
Government agencies and organizations should select a cloud service offering that is FedRAMP certified as it meets the NIST 800-53 Control Framework. This reduces the impact of security threats for agencies and making the solution/service easily translatable to achieve other security standards.
Carahsoft offers FedRAMP solutions for four different security baselines: High (421 controls), Moderate (325 Controls), Low (125 Controls) and LI SAAS (38 controls). Carahsoft also offers FedRAMP solutions for three different stages of compliance:
These cloud systems have security packages reflecting the completion of the FedRAMP Security Assessment Framework. A CSP who has achieved an “Authorized” designation is listed on FedRAMP’s Marketplace.
FedRAMP In Process
These cloud systems are actively working with the government through the FedRAMP Security Assessment Framework. This designation indicates the CSP is actively working on the documentation for become certified and is working with an agency that is reviewing that documentation with the intent to provide an ATO that meets FedRAMP requirements. A CSP who has achieved an “In Process” designation is listed on FedRAMP’s Marketplace.
These systems are ready to begin the FedRAMP Security Assessment Framework and include cloud systems and open source builds. This compliance indicates that a Third Party Assessment Organization (3PAO) attests to a cloud service’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO. This designation is also required for any cloud service to enter the Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) process.
April 19th, 2021
Read the latest insights on the future of FedRAMP from Carahsoft’s technology partners and leaders at FedRAMP, CISA, NIST, GSA, DoD and DHS.
March 8th, 2021
Learn about StateRAMP's goal to create a framework for continuous improvement in cybersecurity for governments and providers on Carahsoft's Community Blog.
January 29th, 2021
Okta's Chris Niggel talks the importance of choosing the right security solutions, keeping users engaged and where agencies will focus their efforts in the future.
January 15th, 2021
Learn about how to efficiently move to the cloud and what it can do for you from Servicenow's Hayri Tarhan on the Carahsoft Community Blog.
January 8th, 2021
Salesforce's Matt Goodrich discusses FedRAMP's risk-based approach to cybersecurity and its benefits on the Carahsoft Community Blog.
December 29th, 2020
Red Hat's David Egts explains why moving to the cloud and embracing open source can help agencies achieve success on the Carahsoft Community Blog.
December 16th, 2020
Follow subject matter experts from Anitian, AWS, and A-LIGN as they discuss navigating a FedRAMP authorization journey on the Carahsoft Community Blog.
January 27th, 2020
Read Carahsoft's Top 10 Blogs of 2019 focusing on the top Government IT trends and initiatives, including Customer Engagement, DevOps and Cloud Computing.
Hosted By: Carahsoft
November 30, 2021
2:00 PM ET
June 28, 2021
MongoDB Atlas for Government achieves FedRAMP Ready Status. This new offering provides the simplest way to deploy, operate, and scale the database for modern applications, all in a FedRAMP Ready environment that helps customers meet the most demanding data security and privacy standards.
April 14, 2021
Trend Micro Incorporated, the leader in cloud security, now offers two new FedRAMP authorized cloud security services running on AWS GovCloud.