What is FedRAMP? How cloud providers get authorized to work with the U.S. government
The Federal Risk and Authorization Management Program, or FedRAMP, is a program by which the U.S. federal government determines whether cloud products and services are secure enough to be used by federal agencies. While the process for getting the FedRAMP seal of approval is complex, it can ultimately be lucrative for companies that are certified, not least because it signals a commitment to security to non-government customers as well.
Strictly speaking, FedRAMP is a risk management program. It was created to support the federal Cloud First policy, which was rolled out in 2011 and aimed to rationalize the federal government’s sprawling, fragmented IT infrastructure by moving much of it to the cloud. Because federal agencies have unique — and legally mandated — security requirements, they needed a way to determine whether the cloud services they wanted to use met those standards.