Is FedRAMP Right For You?¶

Federal agencies are required to obtain FedRAMP authorizations or reuse existing FedRAMP authorizations for all cloud services within the scope of FedRAMP. This means any company selling a cloud service to the government that meets the criteria outlined in the scope of FedRAMP must obtain a FedRAMP authorization.

A FedRAMP Rev5 Agency Authorization requires a security assessment based on Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) 800-53 baselines, and both are explained in greater detail in their respective sections of this document.

In making a business decision regarding FedRAMP authorization for your service, it is important to consider your overall strategy for federal government customers. If you are brand new to the federal landscape, there may be a learning curve associated with the procurement timeline, and you might want to consider partnering with a systems integrator who has experience and a federal government customer base. Conversely, if you already have a federal government footprint and are looking to expand, FedRAMP authorization can be a business development driver. FedRAMP provides cross-government visibility on the FedRAMP Marketplace and provides a single security package that can be leveraged by multiple federal agencies for review.

Please note that the initial authorizing agency determines whether or not the data qualifies as federal information as well as the overall applicability of FedRAMP in accordance with the OMB memorandum.

General information, including resources, blogs, templates, and documentation for authorization, can be found on FedRAMP's website.