The FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Providers (CSP) that have FedRAMP compliant services as well as a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRAMP assessment. The FedRAMP Marketplace is maintained by the FedRAMP Program Management Office (PMO).
The marketplace includes a searchable catalog of authorized products and services, that streamlines the process of finding and using cloud services in the federal government. The website is used extensively by Agencies and CSPs as a resource to:
- Research cloud services that have achieved a FedRAMP Marketplace designation
- Research agencies partnering with CSPs for a FedRAMP Authorization
- Identify agencies that are using FedRAMP Authorized CSOs, and
- Review FedRAMP’s community of recognized 3PAOs
The FedRAMP Marketplace lists Cloud Service Offerings (CSO) along with their designations (or compliance status) which are either FedRAMP Ready, In-Process or Authorized. The FedRAMP Marketplace is intended to enable the reuse of security package documentation, which requires understanding the FedRAMP compliance status of listed cloud services.
FedRAMP Ready indicates that a 3PAO attests to a CSO’s security capabilities, and that a Readiness
Assessment Report (RAR) has been reviewed and deemed acceptable by the FedRAMP PMO. The RAR
documents the service offering’s system information, compliance with federal mandates, and ability to meet FedRAMP security requirements. A FedRAMP Ready cloud service is at the first stage of compliance and needs a sponsor by either a US Federal Agency or be accepted by the JAB (Joint Authorization Board) to be formally authorized.
FedRAMP In Process indicates a CSP is actively working towards FedRAMP Authorization through the JAB or Agency Authorization processes. All FedRAMP In Process CSOs are listed on the FedRAMP Marketplace. During this phase, the 3PAO conducts an assessment and produces the Security Assessment Report (SAR), which is provided to the agency for adjudication and acceptance.
FedRAMP Authorized designation is provided to CSOs by the authorizing agency that have successfully completed the FedRAMP Authorization process. The FedRAMP Authorized status on the FedRAMP Marketplace indicates FedRAMP requirements have been met, and that a CSO’s security package is available for agency reuse.
Do you want to find out how you can get listed on the FedRAMP Marketplace? Please contact us to schedule a free briefing.