Where is FedRAMP required?
FedRAMP is required for all federal agencies when federal information is collected, maintained, processed, disseminated, or disposed of by Cloud Service Providers (CSPs). This includes any CSPs that are used to store, process, or access federal information.
This requirement applies to all federal agencies, regardless of the size of the agency or the type of CSP used. FedRAMP also applies to all third-party organizations that have access to federal information, such as contractors, vendors, and subcontractors. These organizations must also meet the FedRAMP requirements to ensure the security of the federal information.
In addition, FedRAMP applies to any CSPs that are used by federal agencies to provide services to the public. This includes any CSPs that are used to provide public services, such as websites, applications, or cloud-based services.
Finally, FedRAMP applies to any CSPs that are used by federal agencies to provide services to other agencies. This includes any CSPs that are used to provide services to other federal agencies, such as shared services or interagency collaborations.
Useful References
Official Guides
- What is FedRAMP?
- Why is FedRAMP authorization important?
- What are the goals of FedRAMP?
- Who needs to comply with FedRAMP?
- What are the categories of FedRAMP compliance?