Compliance Glossary

FedRAMP or Federal Risk and Authorization Management Program is a government-led compliance program to make the adoption of cloud services across federal agencies secure and efficient. The FedRAMP Authorization Act of 2022 further made FedRAMP a stronger standard after which it was also incorporated into the National Defense Authorization Act (NDAA) in the U.S.

The main aim of FedRAMP is to provide companies with a standardized approach to security measures for products and services in the cloud. This program provides an integrated approach to security assessment, continuous monitoring and authorization to protect sensitive information. It determines the processes that are to be used by cloud businesses so they are qualified to provide services to federal agencies. 

Businesses can have their cloud service authorized for use by federal agencies one of two ways:

1. Joint Authorization Board (JAB) provisional authorization: JAB includes representatives from GSA (General Services Administration), DoD (Department of Defense) and DHS (Department of Homeland Security).
2. Individual Agencies: An individual authorization can be obtained based on specific needs and requirements. This route is usually more favorable, but it requires the cloud business to undergo a separate evaluation or audit to acquire an ATO (Authority to Operate).