Skip to main content
Achieve Federal Risk and Authorization Management Program authorization for US government cloud services.
The Federal Risk and Authorization Management Program (FedRAMP) is a US government program that standardizes security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. It is based on NIST SP 800-53 controls and offers Low, Moderate, and High baselines.
FedRAMP authorization is required for cloud service providers that want to sell cloud services to US federal agencies.

Who needs US FedRAMP?

Cloud service providers

Vendors offering cloud products or services to US federal agencies.

GovTech and SaaS firms

Organizations expanding into the federal market.

Key components

Low baseline

For systems where the impact of a breach would be limited.

Moderate baseline

The most common baseline, covering the majority of federal SaaS.

High baseline

For systems handling the most sensitive unclassified federal data.

Continuous monitoring

Ongoing security monitoring and monthly reporting after authorization.

How DSALTA helps with US FedRAMP

1

Activate FedRAMP

Select FedRAMP and your impact level. DSALTA maps the NIST 800-53 baseline to controls.
2

Review mapped controls

Review the NIST 800-53 controls for your baseline and assign owners.
3

Collect evidence automatically

Connect integrations to gather technical evidence continuously.
4

Document the SSP

Build your System Security Plan and supporting documents.
5

Prepare for assessment

Organize evidence for a 3PAO assessment and agency authorization.

Frequently asked questions

You can pursue a Joint Authorization Board (JAB) Provisional ATO or an Agency ATO sponsored by a specific federal agency.
FedRAMP baselines are tailored sets of NIST SP 800-53 controls, plus FedRAMP-specific requirements and continuous monitoring.