FedRAMP Joint Authorization Board Provisional ATO

E310852

The FedRAMP Joint Authorization Board Provisional ATO is a high-level, government-wide security authorization granted by the FedRAMP JAB that allows cloud services to be used by multiple U.S. federal agencies after meeting rigorous security and compliance standards.

All labels observed (1)

How this entity was disambiguated

Statements (48)

Predicate Object
instanceOf FedRAMP authorization
Provisional Authority to Operate
security authorization
appliesTo cloud service offering
cloud service provider environment
authorizedBy Department of Defense representative on JAB
Office of the Chief Security Officer of DHS
surface form: Department of Homeland Security representative on JAB

Chief Information Officer of GSA
surface form: General Services Administration representative on JAB
basedOn Federal Risk and Authorization Management Program
surface form: FedRAMP Security Assessment Framework

FedRAMP security controls
NIST SP 800-53
surface form: NIST SP 800-53 security controls
characteristic highly selective authorization path
intended for cloud services with broad government demand
subject to ongoing security reporting
subject to periodic reassessment
documentedIn FedRAMP Marketplace package
enables agency reuse of FedRAMP security package
governedBy FedRAMP policies and procedures
OMB cloud computing and security guidance
grantedBy Joint Authorization Board
surface form: FedRAMP Joint Authorization Board

JAB
grants ability for agencies to issue their own ATOs based on JAB package
provisional authority to operate for a cloud service
jurisdiction United States government
surface form: United States federal government
language English
mayCover FedRAMP High impact level
FedRAMP Moderate
surface form: FedRAMP Moderate impact level
purpose demonstrate that a cloud service meets FedRAMP security requirements
enable reuse of cloud security authorization by multiple agencies
support government-wide cloud adoption
relatedTo FedRAMP Agency ATO
agency Authority to Operate
requires FedRAMP-accredited 3PAO assessment
JAB approval of security package
JAB review of risk posture
continuous monitoring
incident reporting to FedRAMP and customer agencies
independent third-party assessment organization
plan of action and milestones
provider implementation of FedRAMP baseline controls
security assessment report
system security plan
scope authorization for use by multiple agencies
government-wide authorization for a specific cloud service
statusType provisional authorization rather than full agency ATO
usedBy multiple U.S. federal agencies
usedWithin Federal Risk and Authorization Management Program
surface form: FedRAMP

Federal Risk and Authorization Management Program

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

cloud.gov platform complianceLevel FedRAMP Joint Authorization Board Provisional ATO