Federal Risk and Authorization Management Program

Overview
NIST, in the technical advisory role to the interagency Federal Cloud Computing Advisory Council (CCAC) Security Working Group will define an initial technical approach and process for FedRAMP consistent with NIST security guidance in the context of the Federal Information System Management Act (FISMA). To clarify the role of NIST with respect to FedRAMP, while NIST is supporting the definition of the FedRAMP process from a technical perspective, NIST is not the implementing organization. The governance and operational implementation of FedRAMP will be completed under the auspices of the Federal CIO Council.