The FedRAMP Board shall establish and on a regular basis update demands and recommendations for security authorizations of cloud computing merchandise and services, according to expectations and recommendations set up by NIST, to be used within the willpower of FedRAMP authorizations.[9] set up metrics that evaluate agency participation in FedRAMP