The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to conducting security assessments and granting security authorizations. As it relates to FedRAMP authorizations, there are three main stakeholders: cloud service providers (CSPs), Third Party Assessment Organizations (3PAOs), and government agencies. Each plays a pivotal role. The CSP provides the cloud solution; the 3PAO assesses the solution; and the agency grants an authorization decision, otherwise known as an authority to operate (ATO). Each stakeholder has a role in the two FedRAMP authorization routes: Joint Authorization Board (JAB) provisional route and Agency ATO route. Furthermore, agencies can reuse tests derived from either of these routes to grant their own authorization determination. This publication outlines those responsibilities specific to the government agency role.
This white paper requires registration. Please fill out the form to receive access.