The Federal Risk and Authorization Management Program (FedRAMP) is an accreditation process for cloud computing and cloud services to ensure security for use by the federal government. It is overseen by CIOs from DoD, DHS, and GSA, who make up the Joint Authorization Board for FedRAMP. Before FedRAMP, individual organizations had to do their own accreditation.
The process consists of a preselected subset of NIST 800-53 controls for Low- and Medium-impact (according to FIPS 199 class) cloud services. Under this process, cloud services are evaluated for impact on existing systems, and then appropriate preselected controls are tested by a third-party accreditation organization to certify the product.