This RFC proposes a temporary high speed path to FedRAMP authorization for cloud services with existing security assessments from external security frameworks so that federal agencies and providers can test and pilot these services prior to investing in a full FedRAMP authorization path.
This authorization, part of the FedRAMP 20x path and designated as FedRAMP Validated Level 1, allows providers that meet certain criteria to receive a FedRAMP Validated authorization by meeting only a small portion of 20x Low requirements - without additional independent verification and validation from a FedRAMP recognized independent assessor. This authorization will meet the necessary legal and policy requirements to allow agencies to test or pilot the use of these services based on their own risk determinations.
https://www.fedramp.gov/rfcs/0022/
This RFC proposes a temporary high speed path to FedRAMP authorization for cloud services with existing security assessments from external security frameworks so that federal agencies and providers can test and pilot these services prior to investing in a full FedRAMP authorization path.
This authorization, part of the FedRAMP 20x path and designated as FedRAMP Validated Level 1, allows providers that meet certain criteria to receive a FedRAMP Validated authorization by meeting only a small portion of 20x Low requirements - without additional independent verification and validation from a FedRAMP recognized independent assessor. This authorization will meet the necessary legal and policy requirements to allow agencies to test or pilot the use of these services based on their own risk determinations.
https://www.fedramp.gov/rfcs/0022/