FedRamp (Federal Risk and Authorization Management Program) is a risk assessment program created to help US Federal Agencies select cloud service providers and cloud products.
FedRAMP continuously monitors cloud products and services, to create and manage a core set of processes that the agencies can use to ensure cloud security. This standardizes government agencies approach to security assessment and authorization.
“FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high-risk impact levels.
Private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception.” – Fedramp.gov
FedRamp Objectives:
Help accelerate government adoption of cloud, and cloud products.
Increase confidence in cloud solutions through security assessments.
Build and maintain a set of agreed-upon standards for cloud product approval inside or outside of FedRAMP.
FedRamp Governance
What is the need for FedRamp?
Not just the United States, but governments all over the world have stringent regulations about collecting user data, where (location) they are stored, who stores it (companies based in the homeland vs foreign) and how securely they are stored.
FedRAMP is a US intiative to make sure that US federal agencies and providers of cloud products and services to the agencies have a clear set of guidelines to follow, and keep the data secure. Before FedRamp, individual agencies had their own risk assessment methodologies and approval process based on the Federal Information Security Management Act of 2002.
FedRAMP addressed this crucial gap by standardizing risk assesment and approval process. The do it once and use it many times by different agencies approach helps reduce cost, time and labor hours, while also making life easier for companies building cloud products, as they now have a set of clear, spelled out guidelines to meet.
List of FedRAMP Authorised Cloud Service Providers
Data collected on 3rd February 2019. Please visit Fedramp.gov for up to date information.
1 | 18F |
2 | 1901 Group |
3 | 4tell Solutions |
4 | Accellion |
5 | Accenture |
6 | Acendre, Inc. |
7 | ACL Services Ltd |
8 | Aconex Limited |
9 | Acquia Inc. |
10 | Adobe |
11 | AINS |
12 | AirWatch |
13 | Akamai |
14 | Amazon |
15 | Appian |
16 | Apptio |
17 | Armedia, LLC |
18 | Asure Software |
19 | Autonomic Resources a wholly-owned subsidiary of CSRA LLC |
20 | Avaya, Inc. |
21 | Avue Technologies |
22 | Axon |
23 | BlackBerry |
24 | Blackboard |
25 | BMC Software |
26 | Box Inc. |
27 | BrightWork |
28 | BroadSoft Inc. |
29 | CA Technologies Inc. |
30 | Centrify |
31 | CFI Group |
32 | CGI Federal |
33 | CircleCI |
34 | Cisco Systems Inc. |
35 | Collab9 |
36 | Collibra |
37 | Complete Discovery Source |
38 | Compusearch Software Systems, Inc. |
39 | Contegix |
40 | Coras |
41 | Cornerstone OnDemand |
42 | CoSo Cloud, LLC. |
43 | CrowdStrike, Inc. |
44 | Cylance, Inc. |
45 | Databricks |
46 | Decision Lens Inc. |
47 | Defense Point Security |
48 | Deloitte |
49 | Distributed Solutions, Inc. |
50 | DNAnexus, Inc. |
51 | DocuSign |
52 | DOMA Technologies, LLC |
53 | Druva, Inc. |
54 | Duo Security |
55 | Economic Systems |
56 | Edge Hosting, A DataBank Company |
57 | Envisage Technologies, LLC |
58 | EPAY Systems |
59 | Equinix, Inc. |
60 | Esri |
61 | Everbridge |
62 | Ex Libris |
63 | FireEye, Inc. |
64 | Frame, Inc. |
65 | GDC Integration, Inc. |
66 | GDT |
67 | General Dynamics Information Technology (GDIT) |
68 | General Services Administration |
69 | GitHub |
70 | |
71 | Gordian |
72 | GPS Insight, Inc. |
73 | Granicus |
74 | HireVue |
75 | Hootsuite |
76 | Huddle US |
77 | Human Resources Technologies, Inc. (HRTec) |
78 | IBM |
79 | IdeaScale |
80 | Infor Public Sector |
81 | Innovative Discovery, LLC |
82 | Innovest Systems, LLC |
83 | IntelliCog, Inc. |
84 | Intelliworx |
85 | iSite LLC |
86 | IT-CNP |
87 | Ivanti |
88 | Knight Point Systems |
89 | Leidos Digital Solutions, Inc. |
90 | Lookout, Inc. |
91 | MAXIMUS Inc. |
92 | Medallia, Inc. |
93 | MicroFocus |
94 | MicroPact |
95 | Microsoft |
96 | MIS Sciences Corporation |
97 | mLINQS |
98 | MobileIron |
99 | MuleSoft, Inc. |
100 | Navman Wireless North America Ltd. |
101 | NeoSystems LLC |
102 | NetComm |
103 | Netskope |
104 | New Relic |
105 | New York University |
106 | NICE inContact |
107 | Northrop Grumman |
108 | Okta |
109 | OMB |
110 | OneLogin Inc. |
111 | OneStream Software |
112 | OnSolve |
113 | Oracle |
114 | ORock Technologies |
115 | Oversight Systems |
116 | Palo Alto Networks, Inc. |
117 | Pegasystems Inc |
118 | PEO Missiles and Space |
119 | Perspecta |
120 | PowerTrain Inc. |
121 | Project Hosts |
122 | Proofpoint, Inc. |
123 | PTC |
124 | Qualtrics |
125 | Qualys |
126 | QuestionMark |
127 | R&K Solutions, Inc |
128 | Rackspace Government Solutions |
129 | Rave Mobile Safety |
130 | REAN Cloud Inc. |
131 | Recovery Point Systems, Inc. |
132 | Relocation Management Worldwide (RMW) |
133 | Replicon |
134 | Ricoh USA, Inc. |
135 | SAIC |
136 | Salesforce |
137 | SAP National Security Services Inc. (SAP NS2) |
138 | Saviynt Security Manager |
139 | ServiceNow |
140 | Sirsi Corporation (SirsiDynix) |
141 | Skillsoft |
142 | Skyhigh |
143 | Slack Technologies |
144 | Smarsh |
145 | Smartronix, Inc. |
146 | Snowflake Computing, Inc. |
147 | Socrata |
148 | Sorc’d |
149 | Splunk |
150 | SpringCM |
151 | Symantec Corporation |
152 | TalaTek, LLC |
153 | Terida LLC |
154 | The Arcanum Group Inc. |
155 | TIBCO Software Inc. |
156 | TRAPWIRE |
157 | United States Department of Agriculture |
158 | United States Department of the Treasury |
159 | Valimail |
160 | VASCO |
161 | VBrick Systems, Inc. |
162 | Veracode |
163 | Veritone, Inc. |
164 | Virtru |
165 | Virtustream |
166 | Waggl, Inc. |
167 | Workiva |
168 | Xerox Corporation |
169 | XTec, Incorporated |
170 | Zapproved LLC |
171 | Zendesk Inc. |
172 | Zimperium |
173 | Zoom Video Communications, LLC |
174 | Zscaler |