The purpose of the FedRAMP program is to increase Federal agencies' adoption of and secure use of the commercial cloud while focusing cloud service providers and agencies on the highest value work and eliminating redundant effort.
To do this, FedRAMP provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services. The FedRAMP program supports broader efforts to reduce the nation's cybersecurity risks, contributing to a more stable technology ecosystem by incentivizing CSPs to make security improvements that protect all of their Federal customers.
The goal of this guidance is to strengthen and enhance the FedRAMP program. FedRAMP has provided significant value to date, but the program must change to meet the needs of Federal agencies and address the scope of the cloud marketplace. The FedRAMP marketplace must scale dramatically to enable Federal agencies to work with many thousands of different cloud-based services can accelerate key agency operations while allowing agencies to directly manage a smaller IT footprint.
OMB is soliciting public comment on the draft guidance until December 22, 2023. To submit a public comment, visit https://www.regulations.gov/document/OMB-2023-0021-0001