The Federal Risk and Authorization Management Program (FedRAMP) is a framework required by companies that interact with federal programs. This mandated framework was formed to maintain a standard level of information security when working with the federal government. It outlines controls for data service providers based on NIST 800-53, which provides standards and security requirements for information systems used by the government.

How It Works

FedRAMP assigns different approval levels based on the sensitivity of the data being handled and stored. If data is assessed as high impact, it requires compliance with 421 controls, moderate impact requires compliance with 325 controls, while low-impact intended for public use requires 125 controls. With the Risk Cloud Controls Repository, you can easily download FedRAMP criteria to assess the effectiveness of your controls.

Why You Need It

• Guide the implementation of the security controls required under FedRAMP to appropriately secure government data
• Provide opportunities to expand your government client base, depending on your level of FedRAMP approval