FedRAMP Resources

BSides Seattle 2023 Presentation: FedRAMP as an OnRAMP

We’ve all heard about it, the big monster that is FedRAMP. It’s huge, endless, and it seems to be coming at you from everywhere all at the same time. StateRAMP, TxRAMP, SBOM, and even the DoD Impact Levels. Yikes!

Once you understand how FedRAMP works, you can use it to create effective dashboards with quantitative numbers around those hard-to-capture security topics. These are numbers you can use to drive investment, engagements, and roadmaps that allow everyone else in the organization to come along with you. When done in this straightforward and stepwise way, FedRAMP gets them to open their wallets for the things we all know are important, but that never seem to be approved.

FedRAMP is an onramp to new visibility into, and confidence in, the security of your system, and it gives you a way to communicate that status to all types of internal and external stakeholders. Also, once you are ready to complete the audit, FedRAMP opens up a major new market: the US Federal sector.

FedRAMP as an OnRAMP presentation (PDF)

Great Sources of Help

Getting Started with Assessment

Important Documentation

The Major Players

What’s Next in FedRAMP?