Search CIO.Gov


Federal Risk and Authorization Management Program


FedRAMP Logo
Please visit for additional information on FedRAMP.

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.

On December 8, 2011, the Office of Management and Budget (OMB) released a memorandum to Chief Information Officers regarding security authorizations of information systems in the cloud computing environments. The memorandum:
  • Establishes Federal policy for the protection of Federal information in cloud services
  • Describes the key components of FedRAMP and its operational capabilities
  • Defines Executive department and agency responsibilities in developing, implementing, operating and maintaining FedRAMP
  • Defines the requirements for Executive departments and agencies using FedRAMP in the acquisition of cloud services
Key FedRAMP Documentation
  • FedRAMP Security Controls - The baseline controls required for FedRAMP security assessments and authorizations.
  • FedRAMP CONOPS - The FedRAMP Program Management Office's Concept of Operations for FedRAMP
  • FedRAMP JAB Charter - The Joint Authorization Board's Charter detailing roles and responsibilities and governance.
  • OMB Policy Memo – OMB policy guidance on issues affecting FedRAMP
  • FedRAMP FAQs – provides answers to most questions about FedRAMP
For questions regarding FedRAMP, please direct inquiries to