Tools and Services

  • FedRAMP

    The Federal Risk and Authorization Management (FedRAMP) is a process that authorizes cloud products and services.

News and Events on FedRAMP

13 posts

FedRAMP Launches OSCAL Developer Data Bites Series

FedRAMP Launches OSCAL Developer Data Bites Series&mndash;FedRAMP is excited to launch an Open Security Controls Assessment Language (OSCAL) Developer Data Bites series! It will cover a variety of technical topics regarding users’ utilization of OSCAL for FedRAMP, FedRAMP automation updates or changes, and open forum conversations with subject matter experts. The first OSCAL Developers Data Bites session will be held on Thursday, September 1, at 12:00 pm, EDT. The series will continue on a bi-weekly basis. — via FedRAMP

FedRAMP logo

Aug 18, 2022

FedRAMP Penetration Test Guidance Updates

Penetration Test Guidance Updates—These updates were made to address the ever-changing cybersecurity landscape. Revisions include updated guidance around existing and new threats as well as addressing attack vectors so they’re in alignment with current best practices. Learn about the four initiatives included in the revision process, and download the new June 2022 PDF. — via FedRAMP

FedRAMP logo

Jul 05, 2022

GSA’s Fedramp Celebrates 10 Years of Impact on Cloud Security

GSA’s FedRAMP Celebrates 10 Years of Impact on Cloud Security—Today, the Federal Risk and Authorization Management Program (FedRAMP) celebrates its 10-year anniversary. On December 8, 2011, the Office of Management and Budget (OMB) signed a memo establishing FedRAMP to provide a cost-effective, risk-based approach for the adoption and use of cloud services. This landmark reflects GSA and FedRAMP’s commitment to protecting public and federal information through supporting IT modernization and securing IT infrastructure. Over the past ten years, the program has seen an incredible increase in the adoption of FedRAMP-authorized services and will play a critical role in improving the nation’s cybersecurity. — via General Services Administration

General Services Administration logo

Dec 08, 2021

Unique Vulnerability Counts with Container Scanning

Unique Vulnerability Counts with Container Scanning—As Cloud Service Providers (CSPs) start to submit their container vulnerability scans in order to meet Container Scanning Guidance requirements, stakeholders monitoring submissions should expect to see large increases in the number of unique vulnerabilities. Learn what’s different, and the potential impact for agencies and CSPs. — via FedRAMP

FedRAMP logo

Dec 02, 2021

The New FedRAMP.gov

The New FedRAMP.gov—FedRAMP is excited to announce the launch of our revamped website. Thanks to feedback from our partners and stakeholders, the website has an improved user experience that makes FedRAMP information and resources more accessible. The website provides more in-depth information about FedRAMP’s authorization process, enabling agencies, Cloud Service Providers (CSPs), and Third-Party Assessment Organizations (3PAOs) to easily access pertinent information related to their role in the FedRAMP Authorization process. — via FedRAMP

FedRAMP logo

Feb 16, 2021

FedRAMP 5th Anniversary

This week we are excited to celebrate FedRAMP’s fifth birthday! The program has come a long way over the past five years, as we have been able to grow and transform the program to continue to meet the evolving needs of our partners .
Jun 13, 2017

To Get Things Done, You Need Great, Secure Tools

To folks new to government, one of the most surprising differences between our work and work in the private sector are the barriers in accessing commercially available software, and commercially available Software-as-a-Service (SaaS) in particular. There are good reasons for these barriers: the government places premiums on considerations such as security, privacy, accessibility, license management,
Apr 11, 2017

GSA Hosts First-Ever Technology Industry Day in Washington, D.C.

On September 8, 2016 Administrator Denise Turner Roth of the U.S. General Services Administration (GSA) hosted the first-ever Technology Industry Day to provide a better understanding of GSA’s path to improve the government’s outdated technology systems. Private industry and government came together to find best ways to deliver 21st century technology to federal agencies.
Sep 26, 2016

Sign up for the Technology Industry Day

On September 8, 2016, the General Services Administration (GSA) is hosting its very first Technology Industry Day. Sign up to hear about how GSA is transforming technology in the federal government, see demos of products and solutions developed by technologists and, last but not least, provide feedback on how we can work better with industry.
Aug 31, 2016

OCSIT’s 2015 Customer Survey—What We Learned

Three years ago, GSA’s Office of Citizen Services and Innovative Technologies (OCSIT) set out to design a system to consistently measure customer satisfaction across our office. We were inspired by the Digital Government Strategy, which tasks agencies to adopt a customer-centric approach to service delivery.
Dec 28, 2015