Government agencies require secure, modern cloud solutions to achieve mission success. The Federal Risk and Authorization Management Program (FedRAMP) evaluates the security capabilities of cloud service providers to ensure unclassified Federal information is protected.
FedRAMP is a Government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. Carahsoft helps Federal agencies identify and acquire secure solutions from our portfolio of FedRAMP certified cloud service providers (CSPs).
Carahsoft offers FedRAMP cloud service offerings (CSOs) for three compliance designations and three impact levels. Impact levels are determined by the security risk posed by a CSO compromising the confidentiality, integrity and availability of critical agency information.
FedRAMP Authorized: A designation assigned to CSOs that have completed the FedRAMP authorization process through either a federal agency or the Joint Authorization Board (JAB)
FedRAMP In Process: A CSO that is working towards a FedRAMP authorization through either a federal agency or the Joint Authorization Board (JAB). Once a CSO becomes In Process, they are listed on the FedRAMP Marketplace.
FedRAMP Ready: A CSO following a Third-Party Assessment Organization (3PAO)’s attestation of security capabilities and a FedRAMP PMO approval of a Readiness Assessment Report (RAR).
High Impact Level: A security breach could result in severe or catastrophic negative effects on the agency or individuals. Typically appropriate for law enforcement, emergency services, military, financial or health systems.
Moderate Impact Level: A security breach could cause significant adverse effects, including financial harm to the agency or individuals.
Low Impact Level and LI-SaaS: A security breach could cause limited negative impact on an agency. Low Impact SaaS (LI-SaaS) is reserved for SaaS applications that do not store Personal Identifiable Information (PII).
Click into the CSPs in Carahsoft’s marketplace of FedRAMP vendors to discover how each CSO supports mission success for the Federal government. Each description includes the compliance designation and impact level of the solution.
In addition to our marketplace of FedRAMP designated vendors, Carahsoft has put together a portfolio of solutions from our vendor partners for programs such as DoD CC SRG and StateRAMP. Utilizing our extensive industry expertise, Carahsoft also helps our vendor partners ensure their solutions are compliant with FedRAMP regulations. Explore the pages below to learn more about Carahsoft’s FedRAMP resources.
For the Department of Defense (DoD) to leverage cloud service offerings they must follow the DoD Cloud Computing Security Requirements Guide (DoD CC SRG) set by the Defense Information Systems Agency (DISA). Carahsoft can help Defense agencies find DoD authorized Cloud Service Offerings (CSOs).
FedRAMP’s success at the Federal level exposed the need for a similar program that could be utilized by state and local agencies. StateRAMP was created to allow state and local government to benefit from FedRAMP’s approach for standardizing cybersecurity requirements for IT solutions and enabling reauthorizations of security packages.
The FedRAMP Authorization Act, signed in December 2022 as part of the FY23 National Defense Authorization Act (NDAA), codifies the FedRAMP program as the authoritative security assessment and authorization baseline for cloud service offerings that process unclassified federal data. FedRAMP Compliance enables agencies to:
To work with the federal government, cloud service providers must achieve FedRAMP authorization for each cloud service offering. This ensures agencies maintain a high level of data protection that is standardized across the federal government. Federal officials look to the FedRAMP marketplace as the most reliable source when securing new cloud solutions. Learn how Carahsoft helps CSPs become FedRAMP authorized and build their federal customer base.
Webcast
|
FEDRAMP EVENT
Hosted By: Splunk & Carahsoft
November 07, 2024
5:30 PM ET
|
> |
Webcast
|
FEDRAMP EVENT
Hosted By: CORAS & Carahsoft
November 13, 2024
5:30 PM ET
|
> |
May 9th, 2024
The roadmap introduces strategic initiatives designed to modernize the FedRAMP program, which allows agencies to leverage previously completed work and reuse cloud authorizations, offering significant time and cost savings for government and industry alike.
January 11th, 2024
Streamlining the FedRAMP process and offering a range of authorized cloud services helps Federal agencies alleviate costs and administrative burden linked to duplicative security assessments.
May 23rd, 2023
Learn how AppExchange helps organizations increase productivity, eliminate risk and save time from AppExchange leaders on the Carahsoft Blog.
March 9th, 2023
With the introduction of Security Snapshot, CSPs can ease their concerns, knowing they will receive detailed, personalized support to help them qualify for StateRAMP's verification.
June 27th, 2022
Procurement can be achieved through efficient communication and collaboration, giving the federal government and private sector resources to spur innovation.
May 18th, 2022
Understanding the unique cyber-risks of containers, along with the tools and strategies for mitigating them, can help your organization take advantage of their benefits while also keeping them secure.
April 19th, 2021
Read the latest insights on the future of FedRAMP from Carahsoft’s technology partners and leaders at FedRAMP, CISA, NIST, GSA, DoD and DHS.
March 8th, 2021
Learn about StateRAMP's goal to create a framework for continuous improvement in cybersecurity for governments and providers on Carahsoft's Community Blog.
January 29th, 2021
Okta's Chris Niggel talks the importance of choosing the right security solutions, keeping users engaged and where agencies will focus their efforts in the future.
FEDRAMP RESOURCE Replacing traditional enterprise content management (ECM) solutions for Government Agencies with Box |
> |
FEDRAMP RESOURCE |
> |
FEDRAMP NEWS
September 16, 2024
Zoom announced that The Federal Risk and Authorization Management Program (FedRAMP®) Joint Authorization Board (JAB) authorized Zoom AI Companion as a JAB Moderate system, adding to Zoom for Government’s growing list of authorized products, solidifying the company’s commitment to the U.S. government space. Most recently, Zoom Contact Center also received FedRAMP® JAB certification as part of the Zoom for Government platform, in June of 2024. |
> |
FEDRAMP NEWS
September 05, 2024
Illumio Government Cloud achieve FedRAMP Authorization to Operate to help Federal Agencies avoid cyber disasters. This program helps standardize security for cloud solutions. |
> |