MicroStrategy and FedRAMP

Baosong Wu

2021-09-07

Agenda

  • What is FedRAMP
  • Why is FedRAMP important
  • How to make MSTR become FedRAMP-authorized
  • I18891 Product Enhancements For FedRAMP Compliance

What is FedRAMP

  • FedRAMP stands for 'Federal Risk and Authorization Management Program'
  • A (US) government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.

Why is FedRAMP important

  • FedRAMP is mandatory for all US federal agencies and all cloud services.
  • FedRAMP authorization gives cloud service providers a wealth of opportunities to expand their cloud service offerings (CSOs) throughout various federal government agencies and offices.

How to become FedRAMP-authorized

  • The cloud service provider (CSP) has been granted an Agency Authority to Operate (ATO) by a US federal agency, or a Provisional Authority to Operate (P-ATO) by the Joint Authorization Board (JAB).
  • The CSP meets the FedRAMP security control requirements as described in the National Institute of Standards and Technology (NIST) 800-53, Rev. 4 security control baseline for moderate or high impact levels.
  • All system security packages must use the required FedRAMP templates.
  • The CSP must be assessed by an approved third-party assessment organization (3PAO).
  • The completed security assessment package must be posted in the FedRAMP secure repository.

I18891 Product Enhancements For FedRAMP Compliance

  • F35010: Workflow to allow PLA/SYA to deploy containerized deployments on Amazon Managed Elastic Kubernetes Service (EKS) in GovCloud with FedRAMP Compliance
  • F35007: Product enhancements for FIPS 140-2 Compliance to Support FedRAMP Certification
  • F35008: Enhancements to Support FedRAMP Security Audit Logging
