FedRAMP
Learn about FedRAMP, a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Key Features
Why developers choose FedRAMP.
Applicability
Mandatory for any Cloud Service Provider (CSP) selling to federal agencies.
Status
Mandatory for U.S. Federal Government cloud deployments.
Core Requirement
A lengthy and expensive authorization process based on NIST 800-53 controls, assessed by a Third-Party Assessment Organization (3PAO).
Output
An Authority to Operate (ATO) from a federal agency or a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB).
Perception
Considered the "gold standard" in cloud security, demonstrating a very high level of security assurance.
Implementation & Strategy
Costs, timelines, and strategic considerations for adopting FedRAMP.
Estimated Project Costs
FedRAMP authorization is a very expensive undertaking. A small organization might spend between $250,000 and $500,000, while a mid-sized organization could spend between $500,000 and $1,000,000. Large, enterprise-level organizations can exceed $1,000,000.
Implementation Strategy
A typical FedRAMP implementation starts with a readiness assessment to establish the organization's current security posture. From there, the organization can develop a remediation plan and implement the necessary controls. The final step is to undergo a formal audit by a 3PAO and obtain an ATO from a federal agency.