Inside what cloud service providers spend to get FedRAMP authorized

It isn’t easy to figure out how much it costs on average for a cloud service provider to go through the authorization process to sell to government.
(Getty Images)

How much does it cost on average for a cloud service provider to go through the authorization process to sell to government?

Finding the answer isn’t simple.

Providers vary in “size, complexity, and scope,” according a recent Federal Risk and Authorization Management Program blog post by Program Manager Matt Goodrich. But despite the differences, Goodrich interviewed four relatively similar cloud service providers to get a median cost to achieve certification: $2.25 million.

The vendors Goodrich interviewed shared some characteristics: They all owned their own infrastructure, and all went through the old authorization process (pre-FedRAMP Accelerated).


Goodrich said FedRAMP is comparing costs between the two processes to determine if they are getting a return on investment with the new process.

[Read more: Exclusive: FedRAMP embraces the need for speed]

Three of the four vendors were infrastructure-as-a-service solutions, and one was a software-as-a-service solution.

Even though the vendors were similar, Goodrich wrote that their costs ranged from a little less than $500,000 for one to a little more than $4 million for another due to things like bringing in outside consultants to help with documentation and whether a system was originally built to pass FedRAMP.

In the blog post, Goodrich also broke down the overall cost into average costs for five main areas: engineering ($1 million), documentation ($400,000), third-party assessment organization assessment ($500,000), FedRAMP Joint Authorization Board review ($250,000) and continuous monitoring ($1 million).


On average, about half the cost was spent on engineering and half on the process itself. Companies will then likely spend an additional $1 million a year on continuous monitoring, Goodrich noted.

Samantha Ehlinger

Written by Samantha Ehlinger

Samantha Ehlinger is a technology reporter for FedScoop. Her work has appeared in the Houston Chronicle, Fort Worth Star-Telegram, and several McClatchy papers, including Miami Herald and The State. She was a part of a McClatchy investigative team for the “Irradiated” project on nuclear worker conditions, which won a McClatchy President’s Award. She is a graduate of Texas Christian University. Contact Samantha via email at, or follow her on Twitter at @samehlinger. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here:

Latest Podcasts