FedRAMP (FedRAMP)
The federal authorization framework required for cloud services used by federal agencies. Three impact levels (Low, Moderate, High) and a 12-24 month authorization process.
Definition
The Federal Risk and Authorization Management Program (FedRAMP) is the federal government's standardized security authorization framework for cloud products and services. As of the 2022 FedRAMP Authorization Act, FedRAMP authorization is a legal requirement for federal civilian agency cloud use. There are two authorization paths: Agency Sponsorship (an agency sponsors the service and grants an ATO that other agencies can leverage) or JAB Authorization (the highest path: DoD, DHS, and GSA jointly grant a P-ATO).
When it applies
FedRAMP applies to cloud vendors selling to federal civilian agencies. Authorization typically takes 12-24 months and costs $250K-$1M+. DoD systems require additional CMMC (Cybersecurity Maturity Model Certification) on top of FedRAMP. Continuous monitoring and annual reassessment are required to maintain an ATO.