What is FedRAMP and why does it matter for AI?

FedRAMP (Federal Risk and Authorization Management Program) is the U.S. government's standardized approach to security assessment and authorization for cloud products and services. Any cloud-based AI platform used by a federal agency must be FedRAMP authorized. The program evaluates vendors against NIST 800-53 security controls — 325+ controls at the Moderate baseline, which is the minimum for most government AI use cases. FedRAMP authorization is not optional: federal agencies cannot use cloud services that lack it, and the Federal Acquisition Regulation (FAR) codifies this requirement.

What are the FedRAMP authorization levels?

FedRAMP defines three impact levels based on FIPS 199: Low (for publicly available data — 125 controls), Moderate (for controlled unclassified data — 325 controls, the most common level for AI platforms), and High (for data where breach could cause severe harm — 421 controls, required for law enforcement, financial, and critical infrastructure AI). There's also Li-SaaS (Low Impact SaaS) for low-risk applications. Most enterprise AI platforms targeting government pursue Moderate authorization as the sweet spot between market access and compliance burden. DoD adds Impact Levels (IL2-IL6) on top of FedRAMP for classified and mission-critical workloads.

What is the difference between JAB and Agency FedRAMP authorization?

JAB (Joint Authorization Board) authorization is granted by the three primary government cloud consumers — DoD, DHS, and GSA — and is accepted by all federal agencies. It's the gold standard but takes 12-18 months and is highly competitive (limited slots). Agency authorization is granted by a specific federal agency as the sponsoring authority. It's faster (6-12 months) but initially accepted only by that agency — though other agencies can reuse the authorization through reciprocity. Most AI vendors pursue agency authorization first to enter the market, then seek JAB P-ATO for broader acceptance.

How long does FedRAMP authorization take for AI platforms?

The full FedRAMP authorization process typically takes 12-24 months for AI platforms: 2-4 months for readiness assessment and gap remediation, 3-6 months for 3PAO (Third Party Assessment Organization) security assessment, 2-4 months for authorization package review, and 1-3 months for authorization decision. AI platforms face additional complexity because they must document AI-specific controls — model governance, training data provenance, inference pipeline security — that aren't explicitly covered in NIST 800-53 but are increasingly expected by authorizing officials. The total cost ranges from $500K to $2M including 3PAO assessment, remediation, and ongoing continuous monitoring.

What about StateRAMP for state and local government AI?

StateRAMP applies FedRAMP-equivalent security standards for state and local government cloud procurement. It's gaining adoption rapidly — 30+ states recognize or require StateRAMP. For AI vendors, StateRAMP offers a faster path to the state/local market than individual state security assessments. StateRAMP verification levels (1-3) map roughly to FedRAMP Low, Moderate, and High. Many AI vendors pursue both FedRAMP and StateRAMP simultaneously, as the control frameworks overlap significantly and a single 3PAO assessment can support both authorizations.

Decision Intelligence

FedRAMP Certified AI Platforms: Navigating Federal AI Procurement

ComplianceComplianceComplianceFedRAMP

Decision-support guide for government and defense leaders evaluating FedRAMP authorized AI platforms. Covers authorization levels, JAB vs agency paths, IL4/IL5, and StateRAMP.

The federal government is the world's largest buyer of technology. Executive orders mandate AI adoption across agencies. But federal procurement exists inside a compliance framework that most AI vendors haven't navigated — and many never will. FedRAMP authorization takes 12-24 months and costs $500K-$2M. Only ~350 cloud products have achieved it. For federal buyers, the constraint isn't "which AI is best?" — it's "which AI is authorized?"

This creates a market dynamic unique to government: the best AI technology and the authorized AI technology are often different products. Government buyers need to understand not just FedRAMP's requirements, but how to evaluate the AI capabilities within authorized platforms, when to push for agency-specific authorizations for preferred vendors, and how emerging frameworks like the NIST AI RMF complement FedRAMP's security-focused controls.

Understanding FedRAMP for AI

Authorization Levels and What They Mean

FedRAMP's three impact levels aren't about the vendor's security maturity — they're about the sensitivity of the data being processed. Low (125 controls) covers publicly available data. Moderate (325 controls) covers data where loss would cause "serious adverse effect" — this is where most government AI use cases land, including citizen services, administrative AI, and non-classified analytics. High (421 controls) is required for law enforcement, emergency services, financial systems, and critical infrastructure. Choosing the wrong level doesn't mean less security — it means your authorization is insufficient for your data, which is a compliance violation.

~350

Total FedRAMP authorized cloud products across all categories. Fewer than 40 have AI-specific capabilities, creating a significant gap between government AI demand and authorized supply.

FedRAMP Marketplace, March 2026

JAB vs. Agency Authorization

The Joint Authorization Board (DoD, DHS, GSA) grants Provisional Authority to Operate (P-ATO) that's accepted government-wide — the gold standard. But JAB slots are limited and competitive. Agency authorization is faster and more accessible: a single agency sponsors the vendor through assessment and grants an ATO. Other agencies can then reuse that authorization, but each must independently accept it. For AI platforms, the practical path is usually agency authorization first — find a champion agency with an active AI initiative willing to sponsor — then pursue broader acceptance.

The DoD dimension

FedRAMP Moderate is the baseline for civilian agencies, but the Department of Defense layers additional requirements through Impact Levels (IL). IL4 covers Controlled Unclassified Information (CUI) and requires FedRAMP Moderate+ with DoD-specific controls. IL5 covers CUI and National Security Systems. AI platforms seeking DoD customers need both FedRAMP authorization and DoD IL certification — a significantly higher bar that further limits the available vendor pool.

FedRAMP's AI Blind Spots

FedRAMP evaluates 325+ NIST 800-53 controls — none of which were designed for AI. There's no FedRAMP control for model training data provenance. No control for AI output accuracy validation. No control for algorithmic bias. The NIST AI Risk Management Framework (AI RMF) addresses these gaps, but it's voluntary and not yet integrated into FedRAMP assessments. Forward-thinking agencies are beginning to require AI RMF alignment alongside FedRAMP authorization, but there's no standardized approach yet. Government AI buyers should supplement FedRAMP review with AI-specific due diligence.

"FedRAMP tells you the infrastructure is secure. It doesn't tell you the AI model is trustworthy, accurate, or unbiased. Government needs both — and right now, we're evaluating them through completely separate frameworks."

Evaluating FedRAMP AI Platforms

Factor	FedRAMP Low	FedRAMP Moderate	FedRAMP High	DoD IL4/IL5
Controls	125	325	421	421+ DoD overlays
Data Sensitivity	Publicly available	Controlled Unclassified	High impact CUI	CUI + National Security
Typical AI Use Cases	Public chatbots, open data	Citizen services, admin AI	Law enforcement, financial	Defense, intel, C4ISR
Available AI Vendors	~20	~30-40	~10-15	<10
Authorization Timeline	3-6 months	12-18 months	18-24 months	18-30 months

FedRAMP AI Vendor Evaluation Checklist

Verify authorization status on marketplace.fedramp.gov — check status, level, authorization type, and specific services in scope
Confirm AI capabilities are within the authorized system boundary — not running on separate, non-authorized infrastructure
Match impact level to your data sensitivity — Moderate for most civilian, High for law enforcement/financial, IL4+ for DoD
Review continuous monitoring status — open POA&Ms, vulnerability scan cadence, and most recent annual assessment results
Assess NIST AI RMF alignment — model governance, bias testing, and output accuracy controls beyond FedRAMP's security baseline
Evaluate acquisition vehicle compatibility — verify the vendor is on GSA Schedule, GWAC, or BPA relevant to your procurement authority

“"We spent 18 months evaluating AI platforms. Our top choice from a capability standpoint wasn't FedRAMP authorized and estimated 14 months to achieve it. Our second choice was authorized and deployable immediately. We went with the authorized platform and had AI in production while our preferred vendor was still in the assessment process."”

— — Deputy CIO , Federal Civilian Agency (45,000 employees)

Resources

FedRAMP AI Platform Directory

Curated list of FedRAMP authorized platforms with AI capabilities, organized by impact level, authorization type, and AI use case category.

Government AI Procurement Playbook

Step-by-step guide for federal AI acquisition including FedRAMP verification, acquisition vehicle selection, and pilot authority options.

NIST AI RMF Assessment Template

Framework for evaluating AI-specific risks beyond FedRAMP's security controls: trustworthiness, bias, accuracy, and governance.

ComplianceFedRAMP