What It Is

TOGAF® Standard, 10th Edition is a vendor-neutral enterprise architecture framework developed by The Open Group. Its primary purpose is to provide a proven methodology for designing, planning, implementing, and governing enterprise-wide change across business and IT. The core approach is the iterative Architecture Development Method (ADM), which supports tailoring to organizational contexts.

Key Components

• **ADM phasesPreliminary, Vision, Business, Information Systems, Technology, Opportunities, Migration, Governance, Change Management, plus continuous Requirements Management.
• **Content FrameworkDeliverables, artifacts, building blocks, and metamodel for core entities like actors, services, data.
• Enterprise Continuum, reference models (TRM, SIB, III-RM), and Architecture Capability Framework for governance.
• Certification via Open Group paths; no formal audits but maturity assessments.

Why Organizations Use It

Drives strategic alignment, reduces duplication via reuse, improves ROI through governance. Enables risk management, vendor neutrality, and Boundaryless Information Flow. Builds stakeholder trust in regulated industries like finance and government.

Implementation Overview

Phased rollout: foundation, pilot, scale with ADM iterations. Applies to large enterprises across industries; requires tailoring, repository setup, Architecture Board. Focuses on capability building over one-off projects.

What It Is

FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide framework standardizing security assessment, authorization, and continuous monitoring for cloud service offerings (CSOs) used by federal agencies. Its core purpose is "assess once, use many times," eliminating redundant reviews. It uses a risk-based methodology aligned with NIST SP 800-53 Rev 5 controls and FIPS 199 impact levels (Low, Moderate, High).

Key Components

• Baselines: Low (~150 controls), Moderate (~320+), High (~400+), LI-SaaS (tailored Low)
• Artifacts: SSP, SAR, POA&M, continuous monitoring plans
• Built on NIST 800-53; requires 3PAO assessments
• Paths: Agency or Program authorizations

Why Organizations Use It

• Unlocks $20M+ federal contracts and CMMC mandates
• Enhances commercial credibility as security badge
• Mitigates risks via standardized, reusable compliance
• Builds stakeholder trust for government procurement

Implementation Overview

• 12-18 months: preparation, 3PAO assessment, authorization, monitoring
• Involves control mapping, documentation, remediation
• Targets CSPs for U.S. federal market; scales by size
• Audits by accredited 3PAOs, no single certifier