FedRAMP takes applications for service providers

Cloud service providers in the government and the private sector can apply to have the security of their cloud-based systems tested starting June 6.

The Federal Risk Authorization Management Program, or FedRAMP, will accept applications from service providers for the security assessment process on an on-going basis after the start date.

In May, the General Services Administration released a list of nine accredited third-party assessment organizations—or 3PAOs for short—that will do initial assessments and test the controls of providers per FedRAMP requirements. The 3PAOs will have an ongoing part in ensuring providers meet requirements.

FedRAMP offers a standard approach for conducting security assessments of cloud systems based on a set of security controls and consistent processes. The Office of Management and Budget requires agencies buying cloud services to use FedRAMP.

After receiving the initial applications, FedRAMP program officials will develop a queue order in which to review authorization packages. Officials will prioritize secure Infrastructure as a Service (IaaS) solutions, contract vehicles for commodity services, and shared services that align with the administration’s Cloud First policy.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.