FedRAMP (Federal Risk and Authorization Management Program) is the US government’s framework for evaluating, authorizing, and continuously monitoring cloud services used by federal agencies. FedRAMP authorization is required to sell cloud services (including SaaS customer portals) to federal agencies and many state and local government entities.
FedRAMP has three impact levels: Low, Moderate, and High. Most customer portal use cases at the federal level require Moderate authorization. The process is significantly more rigorous than SOC 2 — typically 12–18 months and $500k–$2M in compliance investment.