This is the latest blog in our vCloud Air Network Compliance Spotlight blog series. Previously in this series, we’ve discussed:

In this month’s edition of our compliance spotlight, we focus on FedRAMP, or the Federal Risk and Authorization Management Program.


FedRAMP is a government-wide program that provides a standardized approach for authorizing cloud systems. One of the primary goals of FedRAMP is to accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations.

To authorize cloud systems, FedRAMP uses a 3-step process:

  1. Security Assessment: Use of standardized set of requirements in accordance with FISMA to perform a security assessment.
  2. Leveraging and Authorization: According to the FedRAMP website, Federal agencies view security authorization packages in the FedRAMP repository and leverage the security authorization packages to grant a security authorization at their own agency.
  3. Ongoing Assessment & Authorization: Ongoing assessment and authorization activities must be completed to maintain the security authorization, once an authorization is granted.

Through FedRAMP, organizations can hope to achieve the following:

  • Accelerate adoption of secure cloud solutions
  • Increase confidence in cloud solution security and security assessments
  • Achieve consistent security authorizations and consistent application of existing security practice
  • Increase automation and near real-time data for continuous monitoring

The benefits of utilizing a provider that is FedRAMP compliant are plenty:

  • Increase the re-use of existing security assessments across agencies
  • Save significant cost, time, and resources
  • Improve real-time security visibility
  • Provide a uniform approach to risk-based management
  • Enhance transparency between government and cloud service providers (CSPs)
  • Improve trustworthiness, reliability, consistency, and quality of the Federal security authorization process

Now that you’re familiar with the benefits of FedRAMP, the next step is finding a service provider that is FedRAMP compliant. That’s where the vCloud Air Network comes in.

To get started with a FedRAMP compliant service provider, visit our Find a Provider page here. Our tool can display all of the providers on the vCloud Air Network that meet FedRAMP compliance standards. Additionally, users can search for specific service types and vertical markets. It’s that easy!

To learn more about FedRAMP, visit the official website here.

For more updates around the vCloud Air Network ecosystem and our partners, be sure to follow us on Twitter @VMwareSP and ‘like’ us on Facebook at