The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Entities involved in FedRAMP
U.S. General Services Administration (GSA): The lead agency for FedRAMP
FedRAMP Program Management Office (PMO): Housed within GSA and responsible for operational management
Joint Authorization Board (JAB): Same responsibility as an Authorizing Official in FISMA. The JAB is made up of the CIOs from DHS, GSA, the Department of Defenseal CIO Council
Cloud Service Providers (CSPs): Microsoft, Amazon, etc.
Third Party Assessors (3PAO): SecureIT, SRA International, etc.
Agency: As a primary actor in the FedRAMP process, agencies (for example, NIH and DoD) engage with CSPs, 3PAOs, and the FedRAMP PMO