

FedRAMP Acquisition FAQs

September 26, 2017

In an effort to help agencies continue to adopt secure cloud technologies, FedRAMP has been identifying ways to ensure that agencies appropriately require FedRAMP in their acquisition process as they procure cloud-based products. In support of this effort, the FedRAMP PMO worked with the Office of Management and Budget (OMB) and the Office of Federal Procurement Policy (OFPP) to develop the Acquisition FAQs guidance document that agencies can reference when developing their solicitations. These FAQs are based on questions FedRAMP regularly receives from both vendors and agencies about how FedRAMP language can best be incorporated into Requests for Information (RFIs), Requests for Quotation (RFQs), and Requests for Proposals (RFPs).

In reviewing this resource, agencies will learn whether they can require a CSP to have a FedRAMP Authorization, whether a FISMA ATO is sufficient to meet FedRAMP requirements, and how FedRAMP requirements apply even if they are not included in a contract.

We’ve published these FAQs on and they can be accessed here. We encourage both agencies and vendors to reach out to us at to clarify or provide feedback.
