FedRAMP

FedRAMP (the Federal Risk and Authorization Management Program) is a U.S. government program that standardizes how cloud services are assessed, authorized, and monitored before and while federal agencies use them, so that agencies can adopt cloud services securely and without each one repeating the same evaluation. The FedRAMP Authorization Act, enacted in December 2022 as part of the National Defense Authorization Act (NDAA), codified the program in statute and strengthened its standing as the government-wide standard for cloud security authorization.

FedRAMP gives cloud service providers (CSPs) a single, standardized set of security requirements (based on NIST SP 800-53 controls, grouped into Low, Moderate and High impact baselines) together with a common process for security assessment by an accredited third-party assessment organization (3PAO), authorization, and continuous monitoring of the service after authorization. The purpose is to protect federal information handled by cloud services, and the program defines the steps a CSP must complete to be eligible to offer its service to federal agencies.

A CSP can have its cloud service authorized for federal use in one of two ways:

1. Joint Authorization Board (JAB) provisional authorization (P-ATO): the JAB consists of the Chief Information Officers of the GSA (General Services Administration), the DoD (Department of Defense) and the DHS (Department of Homeland Security). A P-ATO is a risk review that individual agencies can then rely on when issuing their own authorizations. (Under the FedRAMP Authorization Act, the JAB was replaced in 2024 by the FedRAMP Board, which now fills this role.)
2. Agency authorization: the CSP works with a sponsoring federal agency, which reviews the 3PAO-assessed security package against its own needs and risk tolerance and issues an ATO (Authority to Operate). This is the more common route; it still requires a full 3PAO assessment, but the resulting package is published in the FedRAMP marketplace so that other agencies can reuse it rather than repeat the assessment.
