This chapter provides a primer on the Federal Risk and Authorization Management Program (FedRAMP). An introduction to initial goals of FedRAMP is followed with a detailed examination of the FedRAMP Policy Memo and the organization of the program to establish a unified, government-wide risk management process. The FedRAMP Securtiy Assessment Framework is presented with a close look at each of the FedRAMP phases. The FedRAMP Third Party Assessment Organization (3PAO) program is also briefly discussed with a focus on how the 3PAO program supports the authorization of cloud services.
FedRAMP; cloud computing; policy memo; JAB; FISMA; security; CONOPS; concept of operations; 3PAO
Information in this chapter: