Skip to content

Sponsoring Initial FedRAMP Authorization

Federal agencies can partner with a Cloud Service Provider (CSP) for an initial FedRAMP authorization if they would like to use a CSO that is not currently FedRAMP Authorized. The rest of this playbook explains the initial FedRAMP authorization process, providing guidance and tips for success at each point along the way.

Common Questions About Sponsoring Authorization

Answers to the frequently asked questions below can be found under the "Federal Agencies" section on the FAQs page of FedRAMP's Help Center. If you have additional questions about the responsibility of an initial authorizing agency, please first reach out to your agency's FedRAMP Agency Liaison before reaching out to FedRAMP at intake@fedramp.gov.

What does it mean to be an initial agency partner?
Is there an additional level of effort associated with being the initial authorizing agency?
As the initial authorizing agency, are we responsible for performing Continuous Monitoring (ConMon) oversight on behalf of other leveraging agencies?
Does FedRAMP accept both an Authority to Operate (ATO) and an Authority to Use (ATU)?
What happens if my agency decides to stop using the Cloud Service Offering (CSO)?
What happens if a Cloud Service Offering (CSO) loses its agency customers?
Should my agency use FedRAMP to authorize a private cloud deployment?