Information in this chapter:
• Introduction to FedRAMP
• FedRAMP Policy Memo
• FedRAMP Concept of Operations
• Third Party Assessment Organization Program
Introduction to FedRAMP
In mid-2009, an inter-agency effort,1 created under the Federal Cloud Computing Initiative,2 was established to focus on solving a single problem statement—How do we best perform security authorization and continuous monitoring for outsourced and multi-agency systems?. This problem included addressing barriers to the adoption of cloud computing solutions and the cost-effective consolidation of data centers and applications. Traditionally, federal agencies have independently conducted risk management activities through the certification ...