
237
Chapter 18
FedRAMP
Entry or Exit Ramp for Cloud Security?
Debra S. Herrmann
e U.S. government agencies that plan to use cloud computing products and services are now
required to use products and services that have
1. Been through a formal security evaluation by an accredited third-party assessment organiza-
tion (3PAO)
2. Received a provisional authorization from the FedRAMP Joint Authorization Board (JAB)
is chapter describes the FedRAMP security evaluation process and the roles and respon-
sibilities of cloud service providers (CSPs) and vendors, 3PAOs, system integrators, and federal
agencies.
Background
On December 8, 2011, the U.S. Office of ...