Federal Agencies
FedRAMP provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services used by federal agencies. Federal agencies are required by both the law and OMB policy to follow the processes and rules established by FedRAMP when using cloud services in agency information systems. This authority builds on existing requirements in the law and policy and may not be ignored; M-24-15 explicitly requires agencies to update their agency policies to align with FedRAMP.
FedRAMP was established to support agency mission delivery by standardizing how agencies use commercial cloud services.
All of the work done by FedRAMP is designed to help agencies save money, effort, and time by providing them with a legal framework for using commercial cloud services within federal information systems that lowers the burden for adoption significantly. FedRAMP is not an oversight or enforcement body; it exists to be the primary point of connection between agencies and commercial services to enable adoption.
Oversight and enforcement is still performed!
Failure to follow processes outlined by FedRAMP, in alignment with the law and policy, will expose agency officials to audit by the Office of Management and Budget, Inspectors General, and the Government Accountability Office. FedRAMP has participated in multiple audits by each of these bodies that have resulted in findings against agencies for following legacy processes or failing to properly adopt FedRAMP processes.
A March 2026 Best Practices for Cloud Computing report from the Council of the Inspectors General highlights many failures by agencies to meet their responsibilities for the use of cloud services.
- Get Help with FedRAMP: Learn about our support systems, the Liaison Program, and all the other ways FedRAMP will help your agency deliver.
- When FedRAMP Applies: Learn why not all cloud services are eligible for a FedRAMP Certification and when FedRAMP doesn't apply for agency information systems.
- How to use FedRAMP: Learn how to streamline and optimize the agency ATO process to properly use a FedRAMP Certified cloud service.
- Follow the rules: Review a simplified set of declarative rules that summarize the law and policy in plain language to help agencies follow the rules.