FedRAMP Marketplace Quick Start Guide

Target audience: Agency Personnel

Before You Begin

  1. Identify your specific requirements: What type of cloud service are you interested in?
  2. Review the scope of FedRAMP: Ensure that your use case falls within the scope of FedRAMP.
  3. Understand your data security requirements: Will you be handling public information, internal data, or sensitive government information? This will provide insight into the impact level of cloud service you may need.
  4. Engage your FedRAMP Liaison early: They can provide agency-specific guidance and requirements.

Search for Services

  • Keyword Search: Use the marketplace search bar to find specific offerings, providers, or services using keywords.
  • Browse Business Functions: Select from business functions to narrow your search if you are exploring options or are unsure of specific service names.

Filter and Sort Results

  • Apply Impact Level: Choose LI-SaaS, Low, Moderate, or High based on your data sensitivity requirements.
  • Filter by authorization status: Focus on authorized services that are ready for immediate use.
  • Use additional filters and sort: Continue to filter and sort to find which offerings are most relevant.

Review Product Details

Click on any cloud service offering card (or row in table view) to access detailed information.

  • Overview tab: Service description, contact information, business functions, and authorized services
  • Authorization Details tab: Agency sponsor, assessor, annual assessment date, and list of all agencies that have authorized the offering.
  • Dependent Products tab: Related cloud service offerings also on the marketplace that are dependent on the current product

Save your Research

  • Export filtered results: Export your narrowed search as a spreadsheet (CSV) or data file (JSON). Share with your team for evaluation and decision-making.
  • Share filtered URL: Apply desired filters, sort order, search terms, and view and copy the URL to save that specific search.

Procurement

Access More Information

  • Contact: Use the vendor contact emails listed on the overview page for demos, pricing, and implementation discussions.
  • Submit package request forms: Using the package ID, submit a package request form to access more security documentation.
  • Review security information: Ensure that the cloud service offering meets your agency’s security requirements.

Final Steps

  • Verify current authorization status: Ensure authorization status has not changed before finalizing any agreements.
  • Issue an ATO: Coordinate with your agency liaison to finalize the authorization.

Remember: FedRAMP authorization is a certification that there are adequate security materials available for an agency to use in their own Authorization to Operate (ATO) decisions - FedRAMP does not grant ATOs.

Exploring the Agency and Assessor Tabs

Agency Tab

Use the Agency tab to see which cloud service offerings other government agencies have authorized.

  • Browse by Agency: Search through federal agencies and sub-agencies to view their authorized cloud services.
  • Learn from similar agencies: Find agencies with comparable functions or missions to see what solutions they’ve successfully implemented and continue to reuse.

Assessor Tab

The Assessor Tab provides information about the Third Party Assessment Organizations (3PAOs) that evaluate cloud service offerings.

  • Browse by Assessor: View detailed information on assessment organizations, including the frameworks used and the cloud service offerings they have assessed at different impact levels.