The Federal Risk and Authorization Management Program (FedRAMP) is a framework required of companies that interact with federal programs. This mandated framework was formed to maintain a standard level of information security when working with the federal government. It outlines controls for data service providers based on NIST 800-53, which provides standards and security requirements for information systems used by the government.
FedRAMP assigns different approval levels based on the sensitivity of the data being handled and stored. Data assessed as high impact requires compliance with 421 controls, moderate-impact data requires compliance with 325 controls, and low-impact data intended for public use requires 125 controls. With the Risk Cloud Controls Repository, you can easily download FedRAMP criteria to assess the effectiveness of your controls.