Term · 14. International Standards

FedRAMP (Federal Risk and Authorization Management Program)

Framework Source: FedRAMP

Definition

US government program standardising the security assessment and authorization of cloud services used by federal agencies. Its three impact levels (Low, Moderate, High) map to FIPS 199 categorisation. It is built on the NIST SP 800-53 control baseline. Cloud Service Providers (CSPs) achieve an Authority to Operate (ATO) via a Joint Authorization Board (JAB) Provisional Authorization (P-ATO) or a sponsoring agency authorization.

Synonyms

  • FedRAMP Moderate
  • FedRAMP High
  • P-ATO

Application

Mandatory for CSPs serving US federal agencies. IDM/IAM impact: MFA for all privileged access (PIV/CAC tokens), audit logging per NIST SP 800-92, identity lifecycle aligned to NIST SP 800-63 (IAL/AAL/FAL levels), continuous monitoring (ConMon) of identity controls.

Standards & regulations

  • NIST SP 800-171 Rev. 3 «Federal Risk and Authorization Management Program (FedRAMP) – A government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud»

Sources