Intro
Why Use FedRAMP
FedRAMP is mandatory for federal agencies!
"Agencies must obtain and maintain a FedRAMP authorization when the cloud product or service falls within the scope [of FedRAMP]..." - OMB Memorandum M-24-15, "Modernizing FedRAMP"
- Federal agencies have the opportunity to save money and time by adopting innovative cloud services to meet their critical mission needs.
- Federal agencies are required by law to protect federal data stored in the cloud. Federal agencies do this by authorizing cloud services following FedRAMP guidelines and requirements.
- FedRAMP provides a standardized approach to security authorization consistent with Federal Information Security Modernization Act (FISMA) and National Institute for Standards and Technology (NIST) security requirements. One of our main goals is to prevent agencies from reinventing the wheel. The "do once, use many" approach promotes reuse of standardized security assessments to save federal agencies time and resources.
- FedRAMP facilitates collaboration across the federal government and regularly provides guidance and support to help federal agencies through the authorization process.
Why This Playbook
- This playbook is designed as a reference for agencies pursuing an initial FedRAMP authorization. For information on how to reuse an existing authorization, reference the FedRAMP Reusing Authorizations for Cloud Products Quick Guide.
- The purpose of this playbook is to provide federal agencies with guidance, best practices, and tips to successfully implement the FedRAMP authorization process.
- The overall goal of this playbook is to promote transparency and consistent expectation management between federal agencies and cloud service providers (CSPs).
- Reference this playbook throughout the process in conjunction with ongoing communication with FedRAMP.
What You Will Get From This Playbook
- A description of each step of the process
- Federal agency, CSP, and third party assessment organization (3PAO) roles and responsibilities
- Best practices and considerations for working effectively with stakeholders and executing the security review
- FedRAMP resources and templates available for your reference