FedRAMP (Federal Risk and Authorization Management Program) is the US government's standardised security assessment and authorisation framework for cloud services, requiring cloud providers to demonstrate compliance with NIST 800-53 controls before federal agencies can procure their services — a process that typically takes 12–18 months and a seven-figure investment. Zero Trust architecture aligns directly with FedRAMP High baseline requirements for access control, audit and accountability, and system and communications protection, and FedRAMP-authorised status is increasingly a prerequisite for cloud vendors pursuing federal contracts.