How to Become FedRAMP Authorized | FedRAMP.gov (original) (raw)

Information for Our Partners

Cloud Service Providers

Provide your Cloud Service Offering to the federal government

Start Process

Federal Agencies

Adopt innovative cloud services to meet your agency’s mission needs

Learn How

Assessors

Act as a third party to perform initial and periodic security assessments

Review Steps

FedRAMP Authorization Process

Federal Agency Process

Federal Agency Process

Federal Agency Readiness Assessment Federal Agency Pre Authorization Federal Agency Full Security Assessment Federal Agency Authorization Process

Federal Agency Readiness Assessment Federal Agency Pre Authorization Federal Agency Full Security Assessment Federal Agency Authorization Process

Readiness Assessment

Full Security Assessment

Agency Authorization Process

There are 2 main paths available to follow as a part of the FedRAMP authorization process. The path a CSP selects depends on their business strategy. There are 2 main paths available to follow as a part of the FedRAMP authorization process. The path a CSP selects depends on their business strategy. There are 2 main paths available to follow as a part of the FedRAMP authorization process. The path a CSP selects depends on their business strategy.

The first step of the process is for a Cloud Service Provider (CSP) to find a federal agency to partner with. Once an agency is identified and has agreed to partnership the CSP and agency begin working together towards an authorization starting with a full security assessment and finishing with an authorization process. Once the authorization process is complete, a CSP must engage in continuous monitoring to ensure that the risk accepted at the time of authorization remains acceptable. An agency ATO signifies the agency partner reviewed the security package and deemed the risk acceptable for their use. Upon completion of the agency ATO, the package is then reviewed by FedRAMP and when deemed acceptable for government-wide reuse it is granted FedRAMP Authorization on the marketplace.

FedRAMP at a Glance