FEDRAMP
Federal Risk and Authorization Management Program
FedRAMP is the U.S. government’s mandatory approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is required for Federal Agency cloud deployments and service models at any risk impact level and is required to receive an Authority to Operate or Provisional Authority to Operate. Its security controls go above the NIST SP 800-53 Revision 4 baseline to address the unique elements of cloud computing.
Requirements
Auditor required to apply?
Yes. A third-party assessment organization is required in most cases.
Federal, state, or industry requirement?
Yes. Mandatory for federal agency cloud deployments and service models at the low, moderate, and high-risk impact levels.
Why Seek FEDRAMP?
- Receive an Agency Authority to Operate.
- Conduct business with U.S. federal agencies.
- Meet requirements as a federal agency cloud deployment or service model.
- Establish confidence in the security of your services.
A Typical FedRAMP Engagement
Timeline: 3-6 months for initial certification
- Day 0: Project initiation and kickoff
- Day 1: Begin categorizing information system
- Day 7: Finish low-medium-high impact levels
- Day 14: Conduct a risk assessment
- Day 21: Research execution of security controls
- Day 30: Develop 33% of policies and procedures
- Day 45: Conduct incident response exercise
- Day 60: Develop 66% of policies and procedures
- Day 90: Provide 100% of policies and procedures
- Day 120: Provide 50% of FedRAMP Package. Test system with 3PAO or IA.
- Day 150: Provide plan of action and milestones. Provide 100% of FedRAMP Package.