FedRAMP

What is FedRAMP?

• FedRAMP authorization accelerates digital transformation. As a government-wide program, FedRAMP promotes the adoption of cloud services in a secure way by providing a set of security and risk assessment standards that cloud technologies must adhere to.
• FedRAMP authorization is required. If you’re planning to use a cloud-based technology in the U.S. government, it must comply with FedRAMP standards. These approvals ensure the protection of valuable investments that the government makes in technology and information, which amounts to billions of dollars per year.
• FedRAMP authorization provides credibility. The FedRAMP authorization process is rigorous. Evaluation includes a three-step procedure. First, a security assessment is conducted, in which an agency is required to meet a standardized set of standards and controls. These standards are assessed by a variety of subject matter experts and third-party evaluators. Then, once these requirements are satisfied, the FedRAMP program grants a security authorization. Lastly, after authorization, an ongoing assessment and authorization plan is implemented so that your organization does not fall out of compliance.

Prior to FedRAMP, each government agency conducted its own evaluations for cloud computing services. This often resulted in redundant, inconsistent, costly, and inefficient efforts. FedRAMP establishes a baseline set of security evaluation criteria for cloud services, creating uniform and standard guidelines and requirements for all agencies.

As a pioneer and leader in enterprise cloud networking software, HPE Aruba Networking supports FedRAMP’s goal of increasing the adoption, trustworthiness, and consistency of secure cloud solutions deployed within the U.S. federal government and cloud service providers.

While FedRAMP was designed for the benefit of U.S. public sector, state and local organizations in the US. public sector (SLED) are increasingly applying the FedRAMP framework within their own contracts and assessments to achieve a standardized level of security and compliance. In the first half of 2021, a new authorization program called StateRAMP was launched to formally bring cybersecurity standards to state and local governments, and its accompanying providers.

In broader enterprise use cases, FedRAMP and StateRAMP capabilities oftentimes supersede those stipulated within industry compliance programs such as PCI, SOC2 and HIPAA. The private sector can take this authorization into account when evaluating a cloud computing provider.

Vendors such as HPE Aruba Networking that are introducing products like HPE Aruba Networking Central to become FedRAMP authorized are committed to maintaining the highest safeguards for its data security and technology. Stringent evaluation of its platform is performed regularly to retain FedRAMP authorization.