The Federal Risk and Authorization Management Program is a program by which the U.S. federal government determines whether cloud products and services are secure enough to be used by federal agencies. It was created to support the federal Cloud First policy, which aimed to rationalize the federal government’s sprawling, fragmented IT infrastructure by moving much of it to the cloud. The FedRAMP program seeks to make it clear how FISMA’s requirements apply to cloud services. It describes a process by which third-party assessment organizations 3PAOs determine whether cloud service providers comply with federal security rules.”]