The Federal Risk and Authorization Management Program (FedRAMP) has great news to share: The President signed the FedRAMP Authorization Act as part of the FY23 National Defense Authorization Act (NDAA) (See Sec. 5921, page 1055). The Act codifies the FedRAMP program as the authoritative, standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information.This recognizes the work FedRAMP and its stakeholders have achieved over the last decade. Check out the blog to learn more! 

What is next?The final version of FedRAMP’s updated Rev. 5 baselines (including OSCAL versions), associated documentation and templates, an implementation guide, and compliance timeline will be published once all steps have been completed. FedRAMP will also provide training and educational forums specific to the Rev. 5 updates and transition process.More…