Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / IR - Infrastructure / Cloud

Federal Risk and Authorization Management Program (FedRAMP)

This document focuses on:

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by U.S. federal agencies. It eliminates redundant security evaluations by allowing an “authorize once, use many times” model, where a Cloud Service Provider (CSP) meets a unified security baseline—typically based on NIST SP 800-53—to achieve an Authority to Operate (ATO). From a cybersecurity perspective, the program is a rigorous implementation of the Risk Management Framework (RMF), focusing on Cloud Security, Supply Chain Risk Management (SCRM), and Continuous Monitoring. It categorizes cloud systems into Low, Moderate, or High impact levels, requiring strictly verified controls in areas such as Identity and Access Management (IAM), Incident Response, and Data Encryption (often requiring FIPS 140-validated modules) to ensure the protection of federal data in the cloud.


Publication's URL

https://www.fedramp.gov/

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *