PER DIEM LOOK-UP
1 Choose a location
OR
OR
Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.
Rates for foreign countries are set by the Department of State.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
( )
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
To inform its exercise of oversight and statutory responsibilities, OMB seeks input regarding specific challenges and opportunities related to the Federal Risk and Authorization Management Program. In particular, OMB is looking for meaningful feedback from Federal Secure Cloud Advisory Committee members on improving FedRAMP’s effectiveness at ensuring agile and secure use of the commercial cloud by the Federal Government.
FedRAMP was established in 2011 by the Office of Management and Budget to safely accelerate the adoption of cloud services by federal agencies, and to help those agencies avoid duplicating effort by offering a consistent and reusable authorization process. Since its establishment, FedRAMP has operated by partnering with agencies and third-party assessors to identify appropriate cloud services, evaluate those services against a common baseline of security controls, and create authorization packages that enable agency authorizing officials to more easily make informed risk-based decisions concerning the use of those cloud services.
At the beginning of the FedRAMP program, the federal government had a significant focus on securely facilitating use of large-scale commercial Infrastructure-as-a-Service providers, which offer virtualized computing resources that are natively designed to be more scalable and automatable than traditional data center environments. In the years since, the commercial cloud marketplace has grown, especially in the area of Software-as-a-Service). The COVID-19 pandemic further accelerated the growth of the SaaS market, as shifts in the workplace landscape led more organizations relying on remote collaboration tools for their workforce and expanding the online services they provide to their customers.
Recognizing the value that FedRAMP has provided to Federal agencies and to industry, but with the clear need to update the program in response to a changing industry and offerings landscape, Congress passed the FedRAMP Authorization Act in December 2022 as part of the annual Defense Authorization Act. As part of that legislation, OMB is tasked with issuing “guidance describing additional responsibilities of FedRAMP and the FedRAMP Board to accelerate the adoption of secure cloud computing products and services by the Federal Government.”
The purpose of the FedRAMP program is to increase the Federal adoption of cloud services, while focusing cloud providers and agencies on the highest value work and eliminating redundant authorization and continuous monitoring efforts.
To achieve the above, OMB wants to grow the FedRAMP marketplace, simplify the process for industry and agencies alike, promote effective risk-management, and leverage opportunities to incorporate automation into the FedRAMP process. Automating key components of the FedRAMP enables acceleration of the timelines to achieve authorization, promote re-use, as well as opens doors to future continuous monitoring capabilities to enable effective and timely risk-management.
Ultimately, OMB believes FedRAMP should be able to grow the FedRAMP marketplace to include thousands of different cloud-based services over time, accelerating key agency operations while allowing agencies to directly manage smaller IT footprints and better focus resources on their core missions.
Specific areas where OMB is seeking input to expand opportunities and address challenges surrounding the FedRAMP program
OMB requests that FSCAC members review this paper ahead of the meeting and welcomes verbal responses members have to any of the questions during the meeting.
Governance and Authorizations. FedRAMP has been governed by a Joint Authorization Board (JAB) consisting of representatives from DHS, DoD, and GSA. Each of these agencies has established an internal program office, led by technical representatives, to perform key FedRAMP functions. These functions include reviewing authorization packages, conducting continuous monitoring, and reviewing FedRAMP procedure documents, among many other activities. The JAB approves each provisional authorization issued to an individual cloud service provider, and each JAB member has a team that supports ongoing review and monitoring processes on a per-CSP basis.
The FedRAMP Authorization Act establishes a FedRAMP Board, replacing the JAB, that includes representatives from DHS, DOD, and GSA and up to four additional members. In line with the Act, OMB is looking at expanding the Board to enhance agency representation and better integrate the program with the Federal community.
The FedRAMP Program supports multiple forms of authorizations to promote reusability while accommodating different Federal Government use cases. An important priority (and challenge) of the FedRAMP program is to support flexibility while promoting reuse and maintaining a general trust in any authorization associated with FedRAMP.
Therefore, OMB is considering adjustments to the FedRAMP authorization model, with the goal of having all FedRAMP authorizations held to a well-understood set of security principles, and creating more efficiency in authorizations issued jointly by multiple agencies. More generally, the FedRAMP program is expected to consider feedback from industry and agencies on where improvements can be made, including new authorization structures. To assist the program in those efforts, OMB is seeking input responsive to the following questions:
Scope and Applicability. FedRAMP is broadly intended – in statute and in its original OMB mandate – to standardize Federal agencies’ approach to using commercial cloud. However, cloud products (especially SaaS) have become more diverse over time, so it is not always clear within the Federal environment how to consistently and appropriately apply FedRAMP requirements. This uncertainty can result in differing formal or de facto policies across agencies, weakening the governmentwide consistency that FedRAMP is intended to promote. This dynamic can also cause agencies not to seek FedRAMP authorization for the use of a service that may merit one, or to require FedRAMP authorizations for services that either have negligible security impact or do not store Federal information.
OMB is considering how to determine and define which kinds of cloud-based services should be within the scope of FedRAMP.
Reciprocity and flexibility in compliance regimes. Today, FedRAMP relies on applying a baseline derived from the set of security controls described in NIST Special Publication 800-53, as well as generally applying other security requirements for Federal agencies, such as policies and directives issued by OMB and DHS’s Cybersecurity and Infrastructure Security Agency (CISA).
OMB is seeking feedback on the appropriateness and efficacy of accepting security artifacts and assessments based on other widely used security frameworks and compliance regimes.
What industry or alternate security frameworks, if any, should the FedRAMP program consider leveraging to help accelerate and reduce the burden of obtaining a FedRAMP authorization? Should this differ depending on the type of FedRAMP authorization? How should the FedRAMP program consider potential gaps in mapping controls and security requirements between frameworks?
Automation. The use of automation throughout the FedRAMP lifecycle is essential to ensuring effective operations for both Federal government and industry partners. OMB is working with GSA counterparts to consider efforts to automate and streamline all parts of the FedRAMP authorization process including the development of security assessment plans, security assessment reports, and plans of action and milestones.
OMB and GSA are also collaborating to digitize and streamline additional documentation required of vendors, including small businesses. Determining the technical means to automate system security documentation, in addition to other FedRAMP processes, is a key component of the FedRAMP modernization efforts. Additionally, continued research of emerging technologies and state-of-the-industry practices will be necessary to future automation efforts in supporting program growth. Questions for discussion include:
Continuous monitoring. Agencies are required to conduct continuous monitoring activities on IT systems they use, including cloud services. Currently, cloud service products and services that are authorized by agencies and also have FedRAMP authorizations receive little continuous monitoring from the FedRAMP program office, with the JAB providing continuous monitoring support for offerings approved centrally through the JAB. With the focus on new and flexible authorization models for cloud products and services, OMB is seeking input on enabling FedRAMP to take a more direct posture in providing continuous monitoring of FedRAMP authorized offerings that will enable agency authorizing officials to make risk-based decisions.
Permitting third-party-led authorizations. OMB welcomes feedback on whether and how the Federal government could permit private sector third-party organizations to perform core authorization and assessment functions that today are performed by agency sponsors, the FedRAMP program, or the JAB.
For clarity, this proposal is not necessarily based on the current FedRAMP Third Party Assessment Authorizations (3PAO) process and would not necessarily involve the companies that currently function as 3PAOs. This prompt is intended to holistically consider what role the private sector could play in the FedRAMP authorization process to effectively assess the security of cloud services and accelerate core processes.
Error, The Per Diem API is not responding. Please try again later.
No results could be found for the location you've entered.
Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.
Rates for foreign countries are set by the Department of State.
Rates are available between 10/1/2022 and 09/30/2025.
The End Date of your trip can not occur before the Start Date.
Traveler reimbursement is based on the location of the work activities and not the accommodations, unless lodging is not available at the work activity, then the agency may authorize the rate where lodging is obtained.
Unless otherwise specified, the per diem locality is defined as "all locations within, or entirely surrounded by, the corporate limits of the key city, including independent entities located within those boundaries."
Per diem localities with county definitions shall include"all locations within, or entirely surrounded by, the corporate limits of the key city as well as the boundaries of the listed counties, including independent entities located within the boundaries of the key city and the listed counties (unless otherwise listed separately)."
When a military installation or Government - related facility(whether or not specifically named) is located partially within more than one city or county boundary, the applicable per diem rate for the entire installation or facility is the higher of the rates which apply to the cities and / or counties, even though part(s) of such activities may be located outside the defined per diem locality.