The Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FedRAMP enables federal agencies and cloud solution providers (CSPs) to adapt rapidly from old, insecure, legacy IT to mission-enabling, secure, cost-effective, cloud-based IT.
FedRAMP defines and manages a core set of processes to ensure effective, repeatable cloud security for the government. It also established a mature marketplace to increase the use of and familiarity with cloud services while facilitating collaboration across government through the open exchange of lessons learned, use cases, and tactical solutions
FedRAMP aims to:
The governance of FedRAMP is performed by various executive branch entities that work collaboratively to develop, manage, and operate the program. FedRAMP governing bodies include the following:
Per an OMB memorandum, any cloud services offering (CSO) that holds federal data must be FedRAMP authorized.
FedRAMP compliance is mandatory for federal agency cloud deployments and service models at the low-, moderate-, and high-risk impact levels. Private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception.
FedRAMP cloud service authorizations include:
The FedRAMP Security Controls Baseline document provides an overview of the security controls, enhancements, parameters, requirements, and guidance listed in the FedRAMP System Security Plan templates.
Federal agencies and CSPs must implement these security controls, enhancements, parameters, and requirements within a cloud computing environment to satisfy FedRAMP requirements. The security controls and enhancements have been selected from the NIST SP 800-53 Revision 4 catalog of controls. The selected controls and enhancements are for cloud systems designated at the low-, moderate-, and high-impact information systems as defined in Federal Information Processing Standards (FIPS) Publication 199.
Application security (AppSec) is a significant component of achieving FedRAMP compliance, and Synopsys can address all your AppSec needs and controls. The Synopsys software integrity portfolio includes AppSec tools and services that help address many of the FedRAMP control families.