Compliance Glossary

A Joint Authorization Board or JAB provides FedRAMP (Federal Risk and Authorization Management Program) authorization to cloud service providers. 

The Board consists of the Chief Information Officers (CIOs) from the DHS (Department of Homeland Security, DoD (Department of Defense), and GSA (General Services Administration). 

The JAB reviews authorization packages based on the priority queue for cloud businesses. It is also responsible for assessing the requirements under the FedRAMP security authorization and updating it if necessary. 

Once a business has been selected to be sponsored by JAB, it will be required to create a Readiness Assessment Report (RAR) within a period of 60 days. An RAR contains specific information regarding the capability of the business toward meeting FedRAMP guidelines and requirements.

The JAB designates a “FedRAMP Ready,” stamp after which shows the CSP has been assessed by a Third Party Assessment Organization (3PAO)  and is acceptable as per FedRAMP requirements. After this, a CSP is listed in the FedRAMP marketplace.

After FedRAMP authorization, the JAB continues to monitor the cloud products and services of these business entities, ensuring the continuation of their level of compliance with standards on security and their ability to address issues that arise.

If the JAB grants provisional approval for any cloud service, agencies are empowered to provide their own security authorizations and ATOs. The board must also notify agencies promptly of any changes or removals of provisional approvals.