What are the FedRAMP Requirements for CSPs?
Cloud Service Providers wishing to provide cloud services to Federal agencies must:
- Use the baseline controls and accompanying FedRAMP requirements (see the Policy Memo for exceptions)
- Directly apply or work with a sponsoring agency to submit an offering for FedRAMP authorization
- Hire a Third Party Assessment Organization to perform an independent system assessment
- Create and submit authorization packages
- Provide continuous monitoring reports and updates to FedRAMP
FedRAMP templates can be individually viewed and downloaded here: