The Federal Risk and Authorization Management Program (FedRAMP) is a program developed by the General Services Administration (GSA). Its intent is to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
The standardized approach allows agency officials to select cloud-based systems and providers with a predetermined level of risk.
Below are some examples of risk-based decisions that can be made quickly through the FedRAMP process:
- Does the system contain the proper security controls required for the type of data that will be stored and processed?
- I need additional controls for specific data that will be stored in the system. Will the system accommodate my special needs?
- I would like to store and process PII and PHI. Can the system support this?