The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The Federal Government adopted the Cloud First Policy, which requires all cloud service providers that hold federal data must be FedRAMP certified. FedRAMP compliance enables federal agencies to:
Cloud Service Providers (CSPs) that hold federal data must meet FedRAMP requirements. The cloud solutions listed below have taken one of three paths to become FedRAMP certified: JABProvisional Authorization (P-ATO), Agency Authorization, or FedRAMP Ready Certification.
Government agencies and organizations should select a cloud service offering that is FedRAMP certified as it meets the NIST 800-53 Control Framework. This reduces the impact of security threats for agencies and making the solution/service easily translatable to achieve other security standards.
Carahsoft offers FedRAMP solutions for four different security baselines: High (421 controls), Moderate (325 Controls), Low (125 Controls) and LI SAAS (38 controls). Carahsoft also offers FedRAMP solutions for three different stages of compliance:
These cloud systems have security packages reflecting the completion of the FedRAMP Security Assessment Framework. A CSP who has achieved an “Authorized” designation is listed on FedRAMP’s
These cloud systems are actively working with the government through the FedRAMP Security Assessment Framework. This designation indicates the CSP is actively working on the documentation for become certified and is working with an agency that is reviewing that documentation with the intent to provide an ATO that meets FedRAMP requirements. A CSP who has achieved an “In Process” designation is listed on FedRAMP’s
These systems are ready to begin the FedRAMP Security Assessment Framework and include cloud systems and open source builds. This compliance indicates that a Third Party Assessment Organization (3PAO) attests to a cloud service’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO. This designation is also required for any cloud service to enter the Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) process.