The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Microsoft Office 365 has been granted FedRAMP. FedRAMP is mandatory for Federal Agency cloud deployments and service models. Office 365 has been assessed at a moderate level by a 3PAO (Third-party Assessment Organization) and awarded a FedRAMP ATO from HHS OIG. FedRAMP ATO applies to Office 365 Government plans in the US – E1, E3, E4 and standalone plans like Exchange Online Plan 1, Exchange Online Plan 2 etc. Office 365 Government plans in the US are also referred to as the Government Community Cloud (GCC).
We are pleased to announce that Microsoft Office 365 has been granted FedRAMP Authority to Operate (ATO) by the Department of Health and Human Services Office of the Inspector General (HHS OIG). Office 365 is a multi-tenant cloud that includes government specific instances of services such as Exchange Online, SharePoint Online and Lync Online. Government-specific instances of Office 365 services are designated for use solely by U.S federal, tribal, state and local government customers, and Federally Funded Research and Development Centers (FFRDCs).
Source: Office Blogs