Federal Risk and Authorization Management Program (FedRAMP) report

This report displays FedRAMP issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.

Why it matters

The Federal Risk and Authorization Management Program (FedRAMP) provides a risk-based approach for the adoption and use of cloud services by making the following available to Executive departments and agencies:

  • Standardized security requirements for the authorization and ongoing cybersecurity of cloud services for selected information system impact levels.
  • A conformity assessment program capable of producing consistent independent, third-party assessments of security controls implemented by Cloud Service Providers (CSPs)
  • Authorization packages of cloud services reviewed by a Joint Authorization Board (JAB) consisting of security experts from the DHS, DOD, and GSA
  • Standardized contract language to help Executive departments and agencies integrate FedRAMP requirements and best practices into acquisition; and
  • A repository of authorization packages for cloud services that can be leveraged government-wide.

FedRAMP processes are designed to assist agencies in meeting FISMA requirements for cloud systems and addresses complexities of cloud systems that create unique challenges for complying with FISMA. The program streamlines federal agencies’ ability to make use of cloud service provider platforms and offerings.

OMB published a memo on December 8, 2011 that states that all low and moderate impact level cloud services leveraged by one or more office or agency must comply with FedRAMP requirements. FedRAMP commenced Initial Operating Capability (IOC) on June 6, 2012. Cloud systems in the acquisition phase as of June 6, 2012, but not yet implemented, had until June 5, 2014 to become FedRAMP compliant.

FedRAMP is governed by a Joint Authorization Board (JAB) comprised of the Chief Information Officers from the Department of Homeland Security (DHS), the General Services Administration (GSA), and the Department of Defense (DoD). The U.S. Government’s Chief Information Officer Council (CIOC), including its Information Security and Identity Management Committee (ISIMC), endorses FedRAMP. FedRAMP collaborates with the ISIMC as it identifies high-priority security and identity management initiatives and develops recommendations for policies, procedures, and standards to address those initiatives.

AppScan's FedRAMP compliance report automatically detects possible issues in your cloud service WEB Environment that might be relevant to your compliance with the FedRAMP baseline controls document. The FedRAMP security controls baseline is updating the NIST minimum security controls guideline with applicable parameters and modifications relevant and specific to cloud services.