Glossary of Compliance

FedRAMP

FedRAMP (the Federal Risk and Authorization Management Program) is a U.S. government-wide program that standardizes how cloud services are assessed and authorized for use by federal agencies, so that adoption is both secure and efficient. The FedRAMP Authorization Act, enacted in December 2022 as part of the National Defense Authorization Act (NDAA) for fiscal year 2023, codified the program in statute and gave it a stronger legal footing.

FedRAMP's main aim is to give cloud service providers (CSPs) one standardized set of security requirements for cloud products and services sold to the federal government, instead of a separate evaluation for every agency. The program provides an integrated approach to security assessment, authorization and continuous monitoring for systems that handle federal information, using control baselines drawn from NIST SP 800-53. It defines the process a CSP must complete before its offering is eligible for use by federal agencies.

A cloud service offering can be authorized for federal use in one of two ways:

1. Joint Authorization Board (JAB) provisional authorization (P-ATO): the JAB was made up of the Chief Information Officers of the General Services Administration (GSA), the Department of Defense (DoD) and the Department of Homeland Security (DHS). A P-ATO signals government-wide acceptance of the security package, but each agency still issues its own Authority to Operate (ATO) before using the service. FedRAMP replaced the JAB with a FedRAMP Board in 2024, and new authorizations are now granted through the agency path.
2. Agency authorization: a sponsoring federal agency reviews the CSP's security package against its own needs and requirements and issues an ATO. This is the more common route. In either path the system is assessed by an accredited Third Party Assessment Organization (3PAO), and an agency-authorized package is listed in the FedRAMP Marketplace so that other agencies can reuse it rather than repeating the assessment.
