What are the FedRAMP Requirements for CSPs?

FedRAMP

FedRAMP Processes

Cloud Service Providers (CSPs)

CSP Requirements

FedRAMP Compliant CSPs

FedRAMP Compliant CSPs

Third Party Assessment Organizations (3PAOs)

News and Events

What are the FedRAMP Requirements for CSPs?

Cloud Service Providers wishing to provide cloud services to Federal agencies must:

Use the baseline controls and accompanying FedRAMP requirements (see the Policy Memo for exceptions)
Directly apply or work with a sponsoring agency to submit an offering for FedRAMP authorization
Hire a Third Party Assessment Organization to perform an independent system assessment
Create and submit authorization packages
Provide continuous monitoring reports and updates to FedRAMP

For more detail on CSP responsibilities, please refer to the FedRAMP Policy Memo, Concept of Operations, and details described here.

FedRAMP templates can be individually viewed and downloaded here:

Individual FedRAMP Templates

Key Links

FedRAMP Initiation Request

Accredited 3PAOs

FedRAMP Compliant CSPs

Key Documents

FedRAMP Branding Guidance

FedRAMP Concept of Operations (CONOPS)

FedRAMP Security Controls

FedRAMP Templates

FedRAMP Continuous Monitoring Strategy Guide

FedRAMP Standard Contract Clauses

FedRAMP Control-Specific Contract Clauses

FedRAMP Control Quick Guide

FedRAMP Incident Communications Procedure

FedRAMP Package Request Form

FedRAMP POA & M

FedRAMP POA & M Worksheet

Cloud Best Practices White Paper

Guide to Understanding FedRAMP

FedRAMP Policy Memo (OMB)

3PAO Program Description

FedRAMP JAB Charter

Contacts

General Inquiries
info@fedramp.gov

Press Inquiries
202-501-1766

Last Reviewed 2013-04-15