Your IT department now requires that your agency use FedRAMP. And your RFPs ask vendors to explain how their services follow FedRAMP standards. But what is FedRAMP? And why are state licensing agencies choosing this?
What is FedRAMP?
According to the FedRAMP website, the Federal Risk and Authorization Management Program (FedRAMP) promotes the adoption of secure cloud services across the U.S. government. FedRAMP provides a standard way to assess security for cloud service offerings. FedRAMP helps government agencies use modern cloud technologies, with an emphasis on security and protection of federal information. Prior to FedRAMP, each federal agency required vendors to meet different security requirements. FedRAMP eliminates that challenge and provides a set of common security standards, enabling agencies and cloud service providers to reuse the authorization.
Why do state licensing agencies use FedRAMP?
State licensing agencies use FedRAMP to ensure that vendors they work with meet standards for secure cloud services. FedRAMP gives state agencies a common set of security requirements for vendors. These standard questions simplify the process for state licensing agencies and yield a variety of benefits; by allowing the reuse of the authorization versus completing different authorizations for different agencies, FedRAMP helps states save money, time, and effort—for both agencies and Cloud Service Providers.
How long does FedRAMP certification take?
FedRAMP certification takes anywhere from six months to up to two years.
State agencies using FedRAMP
Some examples of agencies that use FedRAMP standards include:
Illinois Department of Public Health Division of Environmental Health: A recent RFP from the Illinois Department of Health for an Environmental Health Licensing System asked vendors to provide an explanation of the vendor’s highly secure cloud infrastructure that follows FedRAMP standards.
Minnesota Department of Health: A request for proposal from the Minnesota Department of Health for an e-licensing system asked offerors to explain how they meet regulatory compliance, including federal regulations—like FedRAMP.
The federal government’s comprehensive website about FedRAMP, includes an overview, along with resources and how to get authorized.
An introductory video on FedRAMP by the federal government provides a general overview, along with the history of FedRAMP.
- Subscribe to our newsletter to receive more answers from Government Geek in our weekly newsletter.
- Learn more about how GL Solutions keeps your system and data safe; GL Solutions provides a Microsoft Azure hosted application meeting FedRAMP security requirements.
Got a question for Government Geek?
If the issue involves the ways your agency gets work done, then Ask the Geek. Please send us an email at firstname.lastname@example.org.