Governance
The Federal Risk and Authorization Management Program operates in a complex matrix of shared or distributed responsibilities across the federal government. Learn more about who is involved, their responsibilities, and how they interact with FedRAMP.
When applicable, FedRAMP coordinates among the key entities who make up the operation of the program itself and represents them in interactions with FedRAMP stakeholders. Each entity will interact with different groups related to FedRAMP.
- Cloud service providers (CSPs)
- Government agencies
- Third party assessment organizations (3PAOs)
Who makes up FedRAMP within the government?
FedRAMP coordinates with multiple groups who represent various interests and who play complementary roles within the FedRAMP ecosystem. These groups are:
- The FedRAMP Board
- The FedRAMP Technical Advisory Group
- The Federal Secure Cloud Advisory Committee (FSCAC)
- The General Services Administration
- The Office of Management and Budget (OMB) within the Executive Office of the President
- The Department of Homeland Security (DHS)
- The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security
- The National Institute of Standards and Technology (NIST) within the Department of Commerce
- The Chief Information Officers Council
- The Chief Acquisition Officers Council
The FedRAMP Board
A body of federal executives who are responsible for reviewing and approving FedRAMP policies, and for bringing together their fellow federal technology leaders to expand FedRAMP’s capacity for authorizing cloud services.
The FedRAMP Board is defined in 44 USC 3610 and reinforced in M-24-15.
44 USC 3610
“to provide input and recommendations to the Administrator regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.”
M-24-15
“The FedRAMP Board, composed of Federal technology leaders appointed by OMB, provides input to GSA, establishes guidelines and requirements for security authorizations, consistent with relevant standards and guidelines of NIST, and supports and promotes the program within the Federal community.”
The FedRAMP Technical Advisory Group
An advisory body made up of federal employees with significant practical experience and expertise in modern cloud technology. The Technical Advisory Group provides advice to FedRAMP and the FedRAMP Board as requested.
More about the TAG can be found in M-24-15.
M-24-15
“The FedRAMP Board, composed of Federal technology leaders appointed by OMB, provides input to GSA, establishes guidelines and requirements for security authorizations, consistent with relevant standards and guidelines of NIST, and supports and promotes the program within the Federal community.”