Agency CIOs try to gaze into FITARA's crystal ball
April 27, 2015
Two government CIOs said FITARA will allow agencies to be more collaborative in their technology missions, giving more power to CIOs than previously allowed.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
Homeland Security Consultants is the now the 15th company to become a third party assessment organization, or 3PAO, for FedRAMP, the General Services Administration said on Wednesday.
Known as 3PAOs, the organizations do initial assessments and test the controls of cloud service providers per FedRAMP requirements and provide evidence of compliance. The 3PAOs will also have an ongoing role in ensuring cloud service providers meet requirements.
All vendors who want to provide cloud services to the government must first submit documents detailing how they meet FedRAMP's 168 security controls to these third-party assessment organizations.
The 3PAOs will review the documents and submit their recommendation to the Joint Authorization Board, which is made up of the chief information officers from GSA and the departments of Defense and Homeland Security.
After reviewing the 3PAO analysis, the JAB decides whether to grant the company an initial authority to operate. The final authority to operate must come from the agency, which is buying the cloud services.