Federal Risk and Authorization Management Program

E308975

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide framework that standardizes security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies.

All labels observed (4)

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf U.S. federal program
government security program
abbreviation Federal Risk and Authorization Management Program self-linksurface differs
surface form: FedRAMP
appliesTo U.S. federal agencies
cloud products
cloud services
authorizingBodies Joint Authorization Board
basedOnStandard FIPS 199
FIPS 200
NIST SP 800-53
benefit increased security consistency across agencies
reduced duplication of security assessments
reuse of security authorizations
collaboratesWith United States Department of Homeland Security
surface form: Department of Homeland Security

National Institute of Standards and Technology
Office of Management and Budget
country United States of America
surface form: United States
definesProcess authorization to operate
continuous monitoring of cloud systems
security assessment
establishedBy Office of Management and Budget
surface form: U.S. Office of Management and Budget
excludes most Department of Defense on-premises systems
focusesOn cloud computing security
information security
risk management
governingBody U.S. General Services Administration
hasAcronym 3PAO
hasAuthorizationType Agency Authority to Operate
Provisional Authority to Operate
hasWebsite https://www.fedramp.gov
JointAuthorizationBoardMembers Department of Defense
United States Department of Homeland Security
surface form: Department of Homeland Security

U.S. General Services Administration
surface form: General Services Administration
jurisdiction United States government
surface form: U.S. federal government
language English
overseenBy FedRAMP Program Management Office
policyInstrument OMB memorandum
purpose standardize continuous monitoring for cloud services
standardize security assessment for cloud services
standardize security authorization for cloud services
requires independent third-party assessment
requiresComplianceFrom cloud service providers seeking federal customers
scope federal civilian agencies
sector information technology governance
public sector
uses Third Party Assessment Organizations
usesConcept continuous monitoring
risk-based categorization
security controls baseline

How these facts were elicited

Referenced by (8)

Full triples — surface form annotated when it differs from this entity's canonical label.

FedRAMP Program Management Office partOf Federal Risk and Authorization Management Program
FedRAMP Program Management Office usesFramework Federal Risk and Authorization Management Program
this entity surface form: FedRAMP Security Assessment Framework
Amazon S3 supportsCompliance Federal Risk and Authorization Management Program
this entity surface form: FedRAMP (for eligible regions and accounts)
Federal Risk and Authorization Management Program abbreviation Federal Risk and Authorization Management Program self-linksurface differs
this entity surface form: FedRAMP
GSA operatesProgram Federal Risk and Authorization Management Program
this entity surface form: FedRAMP
FedRAMP Joint Authorization Board Provisional ATO usedWithin Federal Risk and Authorization Management Program
FedRAMP Joint Authorization Board Provisional ATO usedWithin Federal Risk and Authorization Management Program
this entity surface form: FedRAMP
FedRAMP Joint Authorization Board Provisional ATO basedOn Federal Risk and Authorization Management Program
this entity surface form: FedRAMP Security Assessment Framework