Close

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security and risk assessment, authorization, and continuous monitoring for cloud products and services. All federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate impact level (Low, Moderate, or High).

There are two approaches to obtaining a FedRAMP Authorization, a provisional authorization through the Joint Authorization Board (JAB) or an authorization through an agency. In the Agency Authorization path, agencies may work directly with a Cloud Service Provider (CSP) for authorization at any time. CSPs that make a business decision to work directly with an agency to pursue an Authority to Operate (ATO) will work with the agency throughout the FedRAMP Authorization process.

Both approaches require an assessment by an independent third-party assessment organization (3PAO) that is accredited by the program, as well as a stringent technical review by the FedRAMP Program Management Office (PMO).

FedRAMP is based on the National Institute of Standards and Technology (NIST) SP 800-53 Rev. 4 standard, augmented by FedRAMP specific controls and control enhancements. FedRAMP authorizations are granted at three impact levels (Low, Moderate, and High) based on NIST FIPS 199 security categorization. These levels rank the impact that the loss of confidentiality, integrity, or availability could have on an organization - Low (limited adverse effect), Moderate (serious adverse effect), and High (severe or catastrophic adverse effect).

Relevant products

Trello icon
VISUAL COLLABORATION

Trello

Our team is here to help

Question mark icon

Have more questions about our compliance program?

Do you have cloud certifications? Can you complete my security & risk questionnaire? Where can I download more information?

Heart icon

Trust & security community

Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way. 

Headset icon

Atlassian support

Reach out to one of our highly-trained support engineers to get answers to your questions.