This article provides guidance on how to manage access to FedRAMP authorization data stored in your Trust Center. Using Secureframe’s Trust Center capabilities, you can grant, monitor, and revoke access for federal agencies and other FedRAMP-relevant stakeholders who need to view or download FedRAMP authorization-related documents. The steps below walk you through the process of managing authorized users and maintaining a clear audit trail of all access activity.

What Is the Authorized Resources Section?

The Authorized Resources section is a dedicated area within your Trust Center where FedRAMP-relevant authorization data and protected documents are stored and made available to authorized stakeholders. All document downloads and access activities within this section are logged, providing a complete audit trail for compliance and oversight purposes.

Managing Access to Authorized Resources

When a federal agency or other FedRAMP-relevant stakeholder requests access to your authorization data, you will need to add them as an authorized user. To get started, navigate to Secureframe › Trust Center using the left navigation bar. The Trust Center Requests tab provides visibility into all access and download activity, including the requester’s name, email, company, request date, documents requested, and decision status. This log serves as a complete audit trail for tracking authorization data access.

Granting Access to FedRAMP Stakeholders

To grant a federal agency representative or other FedRAMP-relevant stakeholder access to download Authorized Resources (protected and authorization data), follow the steps below.

Step 1: Open Trust Center Settings

From the Trust Center page, click the Settings gear icon in the top-right corner of the page. In the settings view, select the Authorized Users tab. This tab displays all individuals who currently have access to the Authorized Resources section, along with their status (Authorized or Revoked), company, grant date, and who granted the access.

Step 2: Add an Authorized User

Click the "Add authorized user" button in the top-right area of the Authorized Users tab. A dialog will appear prompting you to enter the following required information:

• Email: The stakeholder’s email address.
• First Name: The stakeholder’s first name.
• Last Name: The stakeholder’s last name.
• Company Name: The agency or organization the stakeholder represents.

Click "Add" to confirm. Once added, the individual will receive an email notification containing a link to create an account and set a password, after which they will be able to access and download the Authorized Resources.

Revoking Access to Authorized Resources

If a stakeholder no longer requires access to FedRAMP-relevant data in the Authorized Resources section, their access can be revoked at any time.

How to Revoke Access

• Navigate to Trust Center › Settings (gear icon) › Authorized Users tab.
• Locate the individual whose access you want to revoke.
• Click the three-dot menu (⋮) next to that user’s row.
• Select "Revoke access".

The user’s status will change to "Revoked" and the revocation date will be recorded. The individual will no longer be able to access or download documents from the Authorized Resources section.

For FedRAMP Stakeholders: Requesting Access to Authorized Resources

If you are a federal agency representative or other FedRAMP-relevant stakeholder who needs to access an organization’s authorization data, you will need to contact the organization directly and request that they add you as an authorized user in their Trust Center.

When reaching out, provide the organization with the following information so they can grant your access promptly:

• Your email address
• Your first and last name
• Your company or agency name

Once the organization adds you as an authorized user, you will receive an email notification with a link to create an account and set a password. After completing your account setup, you will be able to log in and download the available authorized data from the organization’s Authorized Resources section.