The Federal Risk and Authorization Management Program (also known as FedRAMP) was established in 2011 and promotes the adoption of secure cloud services across the U.S. government, providing a standardized approach to security assessments for cloud service offerings. FedRAMP agencies use modernized cloud technologies with added emphasis on the security and protection of Federal information.
The program is mandatory, and federal agencies must ensure the cloud solutions they use meet FedRAMP requirements. FedRAMP uses a “do once, use many times” framework for vetting the security of cloud services. The program saves the government an estimated 30-40 percent in costs, as well as time and staff resources.
[hover over each card for more information]
One key FedRAMP benefit is the ability to improve real-time security.
The program saves significant cost, time, and resources by using a “do once, apply many times” strategy.
FedRAMP helps ensure the consistent application of existing security practices.
FedRAMP enhances transparency between government and cloud service providers.
The FedRAMP program helps provide a uniform approach to risk-based management.
The program increases automation and near real-time data for continuous monitoring.
ServiceNow’s FedRAMP Certification
- Compliance with NIST SP 800-53 Revision 4 controls, per the FedRAMP High baseline
- Compliance with the DoD Impact Level 4 controls, per the DISA Cloud Computing SRG
- Compliance with the DoD Impact Level 5 – Provisional Authorization
- Full Disk Encryption (FDE) for data at rest as standard
- US citizen support and administration
- Simplified path to ATO (Authority To Operate)
- Continuous monitoring by the FedRAMP Program Management Office (PMO)
- Annual assessment and penetration test against FedRAMP Third Party Assessment Organization (3PAO) standards
- For all of ServiceNow’s security certifications, click here.
PlatCore’s Native ServiceNow LMS