FedRAMP: Difference between revisions
very rough first draft - easy to demonstrate notability/many popular press articles and participating vendors/more to follow |
a search for 3PAO yields several other articles to import existing refs from |
||
Line 1: | Line 1: | ||
U.S. Federal Agencies have been directed by the [[Office of Management and Budget]]<ref>[https://www.whitehouse.gov/sites/default/files/omb/memoranda/2014/m-14-03.pdf OMB M-14-03 (2014)]</ref> to use a process called '''FedRAMP''' (a backronym from '''Federal Risk and Authorization Management Program''') to assess and authorize [[cloud computing]] products and services. Federal CIO Steven VanRoekel issued a memorandum to federal agency Chief Information Officers on December 8, 2011 defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Accreditation Board (JAB) consisting of Chief Information Officers from [[United States Department of Defense|DoD]], [[United States Department of Homeland Security|DHS]], and [[General Services Administration|GSA]]. The JAB is responsible for establishing accreditation standards for 3rd party organizations who perform the assessments of cloud solutions. The JAB also reviews authorization packages, and may grant provisional authorization (to operate). The federal agency consuming the service still has final responsibility for final authority to operate.<ref>{{cite web|url=http://www.gsa.gov/portal/category/102375|title=About FedRAMP|date=2012-06-13|work=U.S. [[General Services Administration]]|accessdate=2015-05-06}}</ref> |
U.S. Federal Agencies have been directed by the [[Office of Management and Budget]]<ref>[https://www.whitehouse.gov/sites/default/files/omb/memoranda/2014/m-14-03.pdf OMB M-14-03 (2014)]</ref> to use a process called '''FedRAMP''' (a backronym from '''Federal Risk and Authorization Management Program''') to assess and authorize [[cloud computing]] products and services. Federal CIO Steven VanRoekel issued a memorandum to federal agency Chief Information Officers on December 8, 2011 defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Accreditation Board (JAB) consisting of Chief Information Officers from [[United States Department of Defense|DoD]], [[United States Department of Homeland Security|DHS]], and [[General Services Administration|GSA]]. The JAB is responsible for establishing accreditation standards for 3rd party organizations who perform the assessments of cloud solutions. The JAB also reviews authorization packages, and may grant provisional authorization (to operate). The federal agency consuming the service still has final responsibility for final authority to operate.<ref>{{cite web|url=http://www.gsa.gov/portal/category/102375|title=About FedRAMP|date=2012-06-13|work=U.S. [[General Services Administration]]|accessdate=2015-05-06}}</ref> Participating vendors sell a variety of hosting services, [[Software as a Service]] packages, and Third Party Accreditation Organizations (3PAO) that provide accreditation services to other vendors. |
||
== See also == |
== See also == |
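Review bot: The sentence appended after the closing </ref> in the new revision has a non-parallel list: as written, participating vendors "sell ... Third Party Accreditation Organizations (3PAO)". Suggest rewording so that 3PAOs are named as a kind of participating vendor rather than as something sold. The sentence is also the only claim in the paragraph with no citation of its own. The edit summary mentions importing existing refs from other articles, and one should be attached here. Finally, the statement that 3PAOs "provide accreditation services to other vendors" should be reconciled with the earlier sentence in the same paragraph, which says the JAB establishes accreditation standards for the third-party organizations that perform the assessments.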
Revision as of 09:51, 6 May 2015
U.S. federal agencies have been directed by the Office of Management and Budget[1] to use a process called FedRAMP (a backronym from Federal Risk and Authorization Management Program) to assess and authorize cloud computing products and services. Federal CIO Steven VanRoekel issued a memorandum to federal agency Chief Information Officers on December 8, 2011, defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and for the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Accreditation Board (JAB) consisting of Chief Information Officers from DoD, DHS, and GSA. The JAB is responsible for establishing accreditation standards for third-party organizations that perform the assessments of cloud solutions. The JAB also reviews authorization packages and may grant provisional authorization (to operate). The federal agency consuming the service still has final responsibility for the final authority to operate.[2] Participating vendors sell a variety of hosting services and Software as a Service packages; they also include Third Party Accreditation Organizations (3PAO), which provide accreditation services to other vendors.
See also
References
- OMB M-14-03 (2014)
- "About FedRAMP". U.S. General Services Administration. 2012-06-13. Retrieved 2015-05-06.