FedRAMP Agency ATO

E1023365

FedRAMP Agency ATO is the formal authorization granted by an individual federal agency allowing a cloud service to operate within that agency’s environment under the FedRAMP security framework.

All labels observed (1)

Label Occurrences
FedRAMP Agency ATO canonical 1

How this entity was disambiguated

Statements (47)

Predicate Object
instanceOf FedRAMP authorization type
security authorization
appliesTo cloud service offerings
cloud service providers
federal information systems hosted in the cloud
authorizedBy agency Authorizing Official
individual federal agency
basedOnFramework FedRAMP security framework
NIST SP 800-53 security controls NERFINISHED
constrainedBy FedRAMP baseline controls NERFINISHED
agency risk tolerance
applicable federal laws and regulations
differsFrom FedRAMP JAB ATO NERFINISHED
governmentwide provisional ATO
documentedIn FedRAMP Marketplace listings when applicable
agency authorization decision letter
governsDomain cloud service authorization
grants authorization to operate within a specific agency environment
includes authorization termination conditions
conditions for continued operation
legalBasis Federal Information Security Modernization Act NERFINISHED
OMB federal information security policies
mayLeverage FedRAMP JAB Provisional ATO NERFINISHED
another agency’s FedRAMP Agency ATO package
objective ensure cloud services meet FedRAMP security requirements for a specific agency
manage agency-specific risk for cloud deployments
partOf FedRAMP authorization process
preconditionFor production use of a cloud service by an agency
regulatedBy Federal Risk and Authorization Management Program NERFINISHED
U.S. federal government cloud security policies
relatedTo FedRAMP JAB ATO NERFINISHED
requires FedRAMP-compliant security package
agency-specific privacy and compliance review
agency-specific risk analysis
continuous monitoring strategy
ongoing continuous monitoring reporting to the agency
periodic security status updates
plan of action and milestones
remediation of identified vulnerabilities
security assessment report
system security plan
resultsIn defined authorization boundary for the cloud system
formal written authorization decision
scope agency-specific use of a cloud service
single federal agency
usedBy U.S. federal civilian agencies NERFINISHED
U.S. federal defense and national security agencies when applicable policies allow

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.