The Federal Risk and Authorization Management Program (FedRAMP) is how the US government determines whether cloud services and products are sufficiently secure for use by federal agencies. FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

FedRAMP compliance enables federal agencies to:
• Rapidly adopt secure cloud services through reuse of assessments and authorizations
• Assure the confidence in the security of cloud solutions
• Maintain consistent security certification standards for cloud products and services
• Preserve transparency between the federal government and cloud service providers

Demonstrating FedRAMP Compliance

FedRAMP uses the NIST Special Publication 800 series, such as NIST 800-53 as a library of system controls and NIST 800-37 for risk management, and requires cloud service providers to receive an independent security assessment conducted by an external assessor to ensure that authorizations are compliant with the Federal Information Security Management Act (FISMA)

The FedRAMP Program Management Office (PMO) has outlined the following requirements for FedRAMP compliance:

• The cloud service provider (CSP) has been granted an Agency Authority to Operate (ATO) by a US federal agency, or a Provisional Authority to Operate (P-ATO) by the Joint Authorization Board (JAB).
• The CSP meets the FedRAMP security control requirements as described in the NIST 800-53, Rev. 4 security control baseline for moderate or high impact levels.
• All system security packages must use the required FedRAMP templates.
• The CSP must be assessed by a third-party assessment organization (3PAO).
• The completed security assessment package must be posted in the FedRAMP secure repository.

Accurately assess FedRAMP Compliance with Nipper

Saving you significant time and resources, Nipper is easy to configure for FedRAMP assessments and integrates with SIEM and SOAR systems for a network-wide view of compliance.

Audits: Firewalls | Switches | Routers 

Book a demo >     

Accurate vulnerability audits to manage risk better.

Our accuracy lets you reduce false positives and negatives whilst providing detailed configuration audits of firewalls, switches and routers. You can strengthen and secure your vital network devices.

Try it now >       Find out more >

Intelligently validate your security and compliance.

Paws accurately analyses the build configurations of your workstations, laptops and servers against your industry standards to help you evidence compliance, prioritize fixes and secure your devices.

Try it now >        Find out more >