The Federal Risk and Authorization Management Program (FedRAMP®) was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information. Third Party Assessment Organizations (3PAOs) play a critical role in the authorization process by evaluating the security of a Cloud Service Offering. The federal government uses this information as the basis for making informed, risk-based authorization decisions for the use of cloud products and services.
The purpose of this course is to define the requirements of FedRAMP. Participants will learn key facts, the components of the corresponding security framework, and methodologies for compliance. We will delve into the security policy and control requirements, as well as the corresponding documentation and supporting evidence mandates.
This course helps participants understand best practices for effectively implementing a risk management program and improving cybersecurity practices by leveraging NIST 800-53 Rev. 5. We explore the FedRAMP requirements and the corresponding processes organizations should implement to ensure compliance. We discuss the benefits of implementing a single set of information security controls across the organization to allow for efficient and streamlined compliance with FedRAMP.
Course Key Concepts: FedRAMP, NIST, Cybersecurity, Compliance, Cloud.
Learning Objectives
- Explore the basics of FedRAMP.
- Identify the key requirements of FedRAMP.
- Discover how NIST can be leveraged for compliance.
- Recognize the impact of FedRAMP and the risk of non-compliance.
Prerequisites
No advanced preparation or prerequisites are required for this course.