Chapter 8 – FedRAMP primer

This chapter provides a primer on the Federal Risk and Authorization Management Program (FedRAMP). An introduction to initial goals of FedRAMP is followed with a detailed examination of the FedRAMP Policy Memo and the organization of the program to establish a unified, government-wide risk management process. The FedRAMP Security Assessment Framework is presented with a close look at each of the FedRAMP phases. The FedRAMP Third Party Assessment Organization (3PAO) program is also briefly discussed with a focus on how the 3PAO program supports the authorization of cloud services.