FedRAMP Security Controls
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Government-wide program that provides a standardised approach to security assessment, authorisation, and continuous monitoring for cloud-based services. Because FedRAMP uses a "do once, use many times" framework, it reduces the cost of FISMA (Federal Information Security Management Act) compliance and enables Government entities to secure Government data and detect cyber security vulnerabilities at unprecedented speed. FedRAMP was developed in collaboration with the National Institute of Standards and Technology (NIST), the General Services Administration (GSA), the Department of Defense (DOD), and the Department of Homeland Security (DHS). Many other Government agencies and working groups participated in reviewing and standardising the controls, policies and procedures.
To market their Cloud Service Offerings (CSOs) to the US Government, Cloud Service Providers (CSPs) must prove FedRAMP compliance. To guarantee that authorizations are consistent with the Federal Information Security Management Act (FISMA), FedRAMP employs the NIST Special Publication 800 series and mandates that cloud service providers undergo an independent security assessment carried out by a third-party assessment organisation (3PAO).
There are two ways to authorize a cloud service through FedRAMP: a Joint Authorization Board (JAB) provisional authorization (P-ATO), or an authorization granted by an individual agency. Visit the FedRAMP website for further details.
FedRAMP is important because it increases:
- Consistency and confidence in the security of cloud solutions, using standards defined by the National Institute of Standards and Technology (NIST) and FISMA
- Transparency between US government and cloud providers
- Automation and near real-time continuous monitoring
- Adoption of secure cloud solutions through reuse of assessments and authorizations