The Federal Risk and Authorization Management Program
FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.
FedRAMP has an established marketplace of the types of solutions that Federal Agencies need. This market promotes reusability to save money and time for Agencies and industry. We’re a program office funded to assist and provide guidance to Agencies in support of their move to modern, secure cloud technologies.
Acronym | Definition |
3PAO | Third Party Assessment Organization |
A2LA | American Association of Laboratory Accreditors |
AC | Access Control |
ACL | Access Control List |
AO | Authorizing Official |
API | Application Programming Interface |
APL | Approved Products List (DOD list) |
ASHRAE | American Society of Heating, Refrigerating and Air-conditioning Engineers |
AT | Awareness and Training |
ATO | Authorization To Operate |
AU | Audit and Accountability |
BCP | Business Continuity Plan |
BIA | Business Impact Analysis / Business Impact Assessment |
C&A | Certification & Accreditation |
CA | Security Assessment and Authorization |
CAP | Corrective Action Plan |
CapEx | Capital Expense |
CAPTCHA | Completely Automated Public Turing Test to tell Computers and Humans Apart |
CCB | Change Control Board |
CDM | Continuous Diagnostics and Mitigation |
CERT | Computer Emergency Response Team |
CI | Configuration Item |
CIDR | Classless Inter-Domain Routing |
CIOC | Chief Information Officer Council |
CIRT | Consumer Incident Response Team |
CIS | Control Implementation Summary / Control Information Summary |
CISO | Chief Information Security Officer |
CLI | Command Line Interface |
CM | Configuration Management |
CMP | Configuration Management Plan |
CMVP | Cryptographic Module Validation Program |
CO | Contracting Officer |
ConMon | Continuous Monitoring |
CONOPS | Concept of Operations |
COOP | Continuity of Operations Plan |
COR | Contracting Officer’s Representative |
COTS | Commercial Off-The-Shelf |
CP | Contingency Planning |
CPD | Contingency Planning Director |
CR | Change Request |
CRM | Customer Relationship Management |
CSIRC | Computer Relationship Management |
CSP | Cloud Service Provider |
CTW | Control Tailoring Workbook |
CUI | Confidential Unclassified Information |
DAA | Designated Approving Authority |
DAS | Direct Attached Storage |
DDoS | Distributed Denial of Service |
DHS | Department of Homeland Security |
DMZ | Demilitarized Zones |
DNS | Domain Name System |
DoD | Department of Defense |
E-Authentication | Electronic Authentication |
EC-Council | International Council of Electronic Commerce Consultants |
ECSB | Enterprise Cloud Service Broker |
FDCCI | Federal Data Center Consolidation Initiative |
FedRAMP | Federal Risk and Authorization Management Program |
FIPS | Federal Information Processing Standards |
FIPS 199 | Federal Information Processing Standard Publication 199 |
FIPS PUB | Federal Information Processing Standard Publication |
FIPS PUB 199 | Federal Information Processing Standard Publication |
FISMA | Federal Information Security Management Act of 2014 |
FOC | Final Operating Capability |
FOIA | Freedom of Information Act |
FTP | File Transfer Protocol |
GIAC | Global Information Assurance Certification |
gov | Government |
GSA | General Services Administration |
GSS | General Support System |
GUI | Graphical User Interface |
HIDS | Host Intrusion Detection System |
HIPAA | Health Insurance Portability and Accountability Act (of 1996) |
HIPS | Host Intrusion Prevention System |
HSM | Hardware Security Module |
HSPD | Homeland Security Presidential Directive |
HSPD 12 | Homeland Security Presidential Directive 12 |
HTTP | Hyper Text Transport Protocol |
IA | Identification and Authentication |
IAA | Inter-Agency Agreement |
IaaS | Infrastructure as a Service (Model) |
IAP | Internet Access Points |
IATO | Interim Authorization to Operate |
ID | Identification |
IEC | International Electrotechnical Commission |
IG | Inspector General / Implementation Guidance |
IOC | Initial Operating Capability |
IP | Internet Protocol |
IPv4 | Internet Protocol version 4 |
IPv6 | Internet Protocol version 6 |
IR | Incident Response |
ISCP | This Information Technology Contingency Plan |
iSCSI | Internet Small Computer System Interface |
ISIMC | Information Security and Identity Management Committee |
ISO | International Organization for Standardization |
ISO/IEC | International Organization for Standardization / International Electrotechnical Commission |
ISP | Internet Service Provider |
ISPP | Information Security Policies and Procedures |
ISSO | Information System Security Officer |
IT | Information Technology |
ITCP | IT Contingency Plan |
JAB | (FedRAMP) Joint Authorization Board |
LAN | Local Area Network |
LMS | Learning Management System |
MA | Maintenance |
MAS | Multiple Award Schedule |
MAX | MAX.gov (Secure Repository) |
mil | Military |
MOU | Memorandum of Understanding |
MP | Media Protection |
MSSP | Managed Security Service Provider |
MT | Manual Test |
MTIPS | Managed Security Service Provider |
N/A | Not Applicable |
NARA | National Archives and Records Administration |
NAS | Network Attached Storage |
NAT | Network Address Translation |
NFPA | National Fire Protection Association |
NGO | Non-Governmental Organization |
NIAP | National Information Assurance Partnership |
NISP | National Industrial Security Program |
NIST | National Institute of Standards and Technology |
NIST-SP | NIST Special Publication |
NLA | No Logical Access |
NNTP | Network News Transfer Protocol |
NP | Non-Privileged |
NPPD | National Protection and Programs Directorate (of DHS) |
NTP | Network Time Protocol |
NVI | NAT Virtual Interface |
ODAL | Outage and Damage Assessment Lead |
OEP | Occupant Emergency Plan |
OIG | Office of the Inspector General |
OMB | Office of Management and Budget |
OpEx | Operating Expense |
OR | Operational Requirement |
OSINT | Open Source Intelligence |
OWASP | Open Web Application Security Project |
P | Privileged |
PA | Provisional Authorization |
PaaS | Platform as a Service (Model) |
P-ATO | Provisional Authorization to Operate |
PDF | Portable Document Format |
PDS | Protective Distribution System |
PE | Physical and Environmental Protection |
PIA | Privacy Impact Assessment |
PII | Personally Identifiable Information |
PIV | Personal Identity Verification |
PKI | Public Key Infrastructure |
PL | Planning (SSP Table 13-1) |
PL | Public Law |
PLC | Procurement and Logistics Coordinator |
PM | Program Management |
PMO | Program Management Office |
POA&M | Plan of Action and Milestones |
POC | Point of Contact |
PS | Personnel Security |
PTA | Privacy Threshold Analysis |
PTR | Penetration Test Report |
PUB | Publication |
QA | Quality Assurance |
QC | Quality Control |
QM | Quality Management |
R1 | Revision 1 |
RA | Risk Assessment |
RBAC | Role-Based Access Control |
Rev | Revision |
RFC | Request for Change |
RFI | Request for Information |
RFP | Request for Proposal |
RIP | Routing Information Protocol |
RMF | Risk Management Framework |
RoB | Rules of Behavior |
ROE | Rules of Engagement |
RTO | Recovery Time Objective |
SA | System and Services Acquisition (SSP Table 13-1) |
SA | Security Assessment |
SaaS | Software as a Service |
SAF | Security Assessment Framework |
SAML | Security Assertion Markup Language |
SAN | Storage Area Networks |
SAP | Security Assessment Plan |
SAR | Security Assessment Report |
SAS | Security Assessment Support |
SC | System and Communications Protection |
SCSI | Small Computer System Interface |
SDLC | System Development Life Cycle |
SI | System and Information Integrity |
SLA | Service Level Agreement |
SME | Subject Matter Expert |
SMS | Short Message Service |
SMTP | Simple Mail Transfer Protocol |
SOP | Standard Operating Procedure |
SORN | System of Records Notice |
SP | Service Processor (SSP Table 11-1) |
SP | Special Publication |
SQL | Structured Query Language |
SSL | Secure Sockets Layer |
SSO | Single Sign-On |
SSP | System Security Plan |
TCP | Transmission Control Protocol |
TFTP | Trivial FTP |
TIC | Trusted Internet Connection |
TICAP | Trusted Internet Connection Access Providers |
TLS | Transport Layer Security |
TP | Test Plan |
TR | Technical Representative |
TR-R | Technical Representative’s Representative |
TTS | Technology Transformation Services |
US | United States |
UDP | User Datagram Protocol |
UPS | Uninterruptible Power Supply |
URL | Uniform Resource Locator |
USC | United States Code |
US-CERT | United States Computer Emergency Readiness Team |
UUCP | Unix-to-Unix Copy Protocol |
V2 | Version 2 |
VLAN | Virtual Local Area Network |
VPN | Virtual Private Network |