FedRAMP Issues Step-By-Step Guide for Cloud Adoption


The cloud office shares its best practices for federal agencies that want to grant a cloud service provider permission to operate.

Federal agencies interested in cloud computing have a new weapon in their arsenal that could simplify one of the most common methods to make use of the emerging technology.

The FedRAMP office’s Agency Authorization Playbook is the summarization of five years of the office’s efforts with agencies and cloud service providers. It breaks the authority to operate process into three parts—preauthorization, during authorization and post-authorization—and highlights roles, responsibilities and best practices for cloud service providers, federal agencies and third-party assessment organizations.

The playbook also links to a variety of external resources and templates previously developed by the FedRAMP office.

“We developed the Agency Authorization Playbook by combining these best practices and tips with step-by-step guidance that agencies can follow to implement the process to grant an agency ATO,” the office said in a blog post. “We hope this will help promote transparency and set consistent expectations for all involved.”

The playbook is part of FedRAMP’s push to expedite the speed and efficiency with which agencies move to cloud computing. In fiscal 2018, the federal government is expected to spend upward of $9 billion on cloud and provisioned services.