Skip to main content

Blog

Do Once, Use Many - How Agencies Can Reuse a FedRAMP Authorization

May 7 | 2020

Do Once, Use Many - How Agencies Can Reuse a FedRAMP Authorization

One of FedRAMP’s core value propositions is facilitating government-wide reuse of security packages for Cloud Service Offerings (CSOs). Today, over 180 cloud products are FedRAMP Authorized and are available on the FedRAMP Marketplace for government-wide reuse. Collectively, these products have been reused over 1,500 times.

To make this possible, FedRAMP eliminates duplicative efforts by providing a common security framework. Agencies review their security requirements against a standardized baseline. A Cloud Service Provider (CSP) goes through the authorization process once, and after achieving FedRAMP Authorization for their CSO, the security package can be reused by any federal agency.

FedRAMP developed a quick guide for agencies that outlines how to reuse a security package for a FedRAMP Authorized CSO. When reusing FedRAMP security packages, agencies should keep in mind the following best practices:

  • Review the FedRAMP Marketplace to determine which cloud products are FedRAMP Authorized
  • Understand and implement customer responsibilities
  • Send a copy of your ATO letter for FedRAMP Authorized services to info@fedramp.gov

FedRAMP Authorized products provide the intrinsic benefits of the cloud - remote access, scalability, collaboration efficiency, and many more - that help the federal government achieve its mission and deliver services to the public, and are critical to many agencies’ IT modernization efforts.

To view and request access to the security materials associated with these offerings, visit the FedRAMP Marketplace. If you have any questions regarding the reuse process, please reach out to us via info@fedramp.gov and we will be happy to provide assistance.

Back to Blogs