The Federal Risk and Authorization Management Program (FedRAMP) was established a decade ago to provide a cost-effective, risk-based approach for cloud service offerings used by the federal government. FedRAMP offers a standardized approach to security and risk assessment, which empowers federal government agencies to use cloud technologies backed by an extra level of security and protection. This standardized approach means there is more consistency across agencies and a reduction in cost. Allowing private organizations to become FedRAMP authorized creates a partnership between public and private entities that promotes innovation, and it allows the federal government to keep pace with private organizations in terms of cloud computing adoption without sacrificing security.
FedRAMP standardizes cloud cybersecurity requirements in accordance with the Federal Information Security Modernization Act (FISMA) and Office of Management and Budget (OMB) Circular A-130, which states that when agencies implement FISMA, they must use National Institute of Standards and Technology (NIST) standards and guidelines. FedRAMP leverages these standards and guidelines to provide standardized cloud services security requirements, authorization packages, and contract language; conformity in assessment; and a repository for authorization packages.
There are two potential ways a cloud service provider can obtain a FedRAMP authorization, either through an agency or through the Joint Authorization Board (JAB). The JAB is the primary governing body for FedRAMP and includes the Department of Defense (DoD), Department of Homeland Security (DHS), and General Services Administration (GSA). The JAB only works with about 12 cloud products a year for a JAB Provisional Authority to Operate (P-ATO). They also provide the continuous monitoring for all JAB Authorized cloud products.
The GDT Government Cloud is a FedRAMP Compliant Infrastructure as a Service (IaaS) offering that government agencies can leverage to deploy and manage compute, network, and storage resources in a self-service model. It holds a FISMA Moderate P-ATO and is authorized to support DoD Impact Level 2 (IL2) workloads. Our deployment model ensures only government or supporting organizations supporting government agency workloads are hosted on the system. The GDT Government Cloud supports both single system and hybrid deployments to connect workloads in multiple locations aligning to current government agency adoption patterns.