On May 20, 2013 the General Services Administration (GSA) announced the third company to become FedRAMP certified as Amazon Web Services. As part of the program, Amazon has been granted two Agency Authorities to Operate (ATOs) by the U.S. Department of Health and Human Services. CGI Federal and Autonomic Resources are the other two FedRAMP-certified providers.
Run by the GSA, FedRAMP is designed to assist in closing costly federal data centers and outsourcing network operations to shared cloud providers, thereby reducing expenditures and increasing technical flexibility. Once a service goes through the initial FedRAMP authorization process, it will get a stamp of approval that all agencies can use to sign off on the service’s ability to meet federal security requirements.
There are three major players in FedRAMP: the cloud service providers (CSPs), the third-party assessment organizations (3PAOs), who will perform an independent audit of the cloud system, and the Joint Authorization Board (JAB), the primary governance and decision-making body for the FedRAMP program. According to the Washington Post, there are about 70 companies in the pipeline for FedRAMP approval.