Pursuing a FedRAMP® Agency Authorization
There are two approaches to obtaining a FedRAMP Authorization, a provisional authorization through the Joint Authorization Board (JAB) or an authorization through an agency. In the Agency Authorization path, agencies may work directly with a Cloud Service Provider (CSP) for authorization at any time. CSPs that make a business decision to work directly with an agency to pursue an Authority to Operate (ATO) will work with the agency throughout the FedRAMP Authorization process.
The Authorization Process
Resources
The resources below provide additional guidance on the Agency Authorization path. Additional technical guidance as well as FedRAMP templates are located on our Documents & Templates page under resources.
Agency Authorization Playbook
This document provides a compilation of best practices, tips, and step-by-step guidance for agencies seeking to implement ATOs.
Agency Authorization - Roles and Responsibilities for FedRAMP, CSPs, and Agencies
This document provides a summary of the roles and responsibilities of the agency, CSP, and FedRAMP PMO during the Agency Authorization process.
FedRAMP Authorization Boundary Guidance
This document provides CSPs guidance for developing the authorization boundary for their offering(s) which is required for their FedRAMP Authorization package.
FedRAMP Guide for Multi-Agency Continuous Monitoring
This document provides guidance to agencies and CSPs to assist with a framework for collaboration when managing Agency ATOs.
FedRAMP Tailored Website
Provides guidance and templates for FedRAMP Tailored, a simple, condensed approach to the Authorization process for Low-Impact Software-as-a-Service (LI-SaaS) applications.