FedRAMP

Federal Risk and Authorization Management Program

FedRAMP Overview

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.

FedRAMP created and manages a core set of processes to ensure effective, repeatable cloud security for the government. FedRAMP established a mature marketplace to increase utilization and familiarity with cloud services while facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.

FedRAMP offers four security baselines to allow government agencies to match security to risk:

  • High (421 controls)
  • Moderate (325 controls)
  • Low (125 controls)
  • Tailored – for Low-Impact SaaS (38 controls)

ORock’s Cloud Environments

ORockCloud

FedRAMP Authorized at the Moderate Impact Level

ORockCloud is a multi-tenant, enterprise-grade open source cloud environment that is authorized at FedRAMP Moderate for IaaS, PaaS, and hybrid cloud. Featuring 325 security controls, it is available for use by government agencies and commercial organizations to ensure both security and compliance.

ORock HighCloud

FedRAMP Ready for High Impact Level Workloads

ORock HighCloud is a Government-Only Community Cloud that achieved “FedRAMP Ready” status in October 2019 for IaaS and PaaS. U.S. Federal Government agencies can utilize ORock HighCloud to process their most sensitive unclassified workloads in the cloud while protecting them with 421 verified security controls. 

Both ORockCloud and ORock HighCloud are built on the Red Hat OpenStack and OpenShift platforms to minimize vendor lock-in. In compliance with FedRAMP guidelines, these advanced cloud computing environments are managed by U.S. citizens in ORock’s US-based Network Operations Center (NOC) and Security Operations Center (SOC).

Get Your Commercial Applications FedRAMP Authorized

Per an OMB memorandum, compliance with FedRAMP guidelines is mandatory for government agencies and Independent Software Vendors (ISVs) that sell applications to federal customers. Executive departments and agencies must submit quarterly reports listing all existing cloud services that do not meet FedRAMP requirements with the appropriate rationale and proposed resolutions for achieving compliance. In addition, many state and local governments also follow FedRAMP guidelines to minimize risk.

ORock’s Federal Application Authorization Services (FAAS) program enables ISVs to achieve FedRAMP authorization for Commercial Off-the-Shelf (COTS) applications and deliver them to government customers as compliant SaaS offerings. This program saves ISVs time and money on the authorization process while accelerating speed to market and reducing risk. Learn more.

Get Your Commercial Applications FedRAMP Authorized

Per an OMB memorandum, compliance with FedRAMP guidelines is mandatory for government agencies and Independent Software Vendors (ISVs) that sell applications to federal customers. Executive departments and agencies must submit quarterly reports listing all existing cloud services that do not meet FedRAMP requirements with the appropriate rationale and proposed resolutions for achieving compliance. In addition, many state and local governments also follow FedRAMP guidelines to minimize risk.

ORock’s Federal Application Authorization Services (FAAS) program enables ISVs to achieve FedRAMP authorization for Commercial Off-the-Shelf (COTS) applications and deliver them to government customers as compliant SaaS offerings. This program saves ISVs time and money on the authorization process while accelerating speed to market and reducing risk. Learn more.

Improve Your Cloud Security and Compliance

Learn how ORock helps you comply with FedRAMP Requirements while operating in the cloud.