With vendors in various stages of approval for companies in the Federal Risk Assessment and Management Program (FedRAMP) program, getting a cloud offering approved and at the right level can be confusing, but new guidance from the FedRAMP program management office (PMO) aims to fix that.
The FedRAMP Marketplace guidance, released today, offers cloud service providers a clear and concise guide of the different stages of the process and the associated requirements. The FedRAMP Marketplace lists cloud products that are FedRAMP Ready, FedRAMP In Process, and FedRAMP Authorized, and the guidance details the steps to reach each of those designations.
“With over 250,000 visits annually, the Marketplace is a valuable source of real-time information for our customers. Given the importance of the Marketplace, we want to ensure the information about each CSO [cloud service offering] is established in easy-to-understand guidance,” the PMO stated in a news release.
On FedRAMP Ready, the guidance lays out a five-step process for companies to get their product assessed and labeled as FedRAMP Ready. The new guidance also clearly states the needed qualifications and the limited timeframe products can stay as FedRAMP Ready without progressing further.
On FedRAMP In Process, the new document provides specific guidance for cloud service providers working with Defense component agencies and the needed collaboration with the Defense Information Systems Agency (DISA).
On FedRAMP Authorized, the guidance includes a simplified version of the process for both agency authorization and the Joint Authorization Board process.