FedRAMP is one of the most popular topics on our website and blogs. We get questions every day about the FedRAMP program from customers and partners alike.
Is FedRAMP really mandatory?
Yes, FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high-risk impact levels. According to the FedRAMP website, private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception. Additionally, Agencies must submit a quarterly report in PortfolioStat listing all existing cloud services that do not meet FedRAMP requirements with the appropriate rationale and proposed resolutions for achieving compliance.