Chapter 8

FedRAMP primer

Abstract

This chapter provides a primer on the Federal Risk and Authorization Management Program (FedRAMP). An introduction to initial goals of FedRAMP is followed with a detailed examination of the FedRAMP Policy Memo and the organization of the program to establish a unified, government-wide risk management process. The FedRAMP Securtiy Assessment Framework is presented with a close look at each of the FedRAMP phases. The FedRAMP Third Party Assessment Organization (3PAO) program is also briefly discussed with a focus on how the 3PAO program supports the authorization of cloud services.

Keywords

FedRAMP; cloud computing; policy memo; JAB; FISMA; security; CONOPS; concept of operations; 3PAO

Information in this chapter:

Get Federal Cloud Computing, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.