Tech

New template outlines FedRAMP readiness assessment

The General Services Administration's Federal Risk and Authorization Management Program dropped Tuesday the final version of its Readiness Assessment Report template, an avenue for cloud providers to show they are ready to start the certification process.

By Samantha Ehlinger

August 9, 2016

(iStockPhoto)

The General Services Administration’s Federal Risk and Authorization Management Program dropped Tuesday the final version of its Readiness Assessment Report template, an avenue for cloud providers to show they are ready to start the certification process.

FedRAMP-accredited third-party assessment organizations will fill out the report when they are conducting what is basically a pre-audit to deem cloud service providers “FedRAMP Ready.” The FedRAMP Program Management Office must then approve the report.

The new template is part of recent efforts to speed the process to get certified called FedRAMP Accelerated.

The report template published Tuesday lays out minimum requirements for the providers while giving guidance to the third-party assessors, according to the GSA blog post.

Being FedRAMP Ready signals the provider is likely to get a provisional authorization to operate, or P-ATO, via the Joint Authorization Board or an authorization to operate by an agency, the blog post says.

This process allows the government to assess the providers’ capabilities before they go through a lengthy documentation process to get certified.

Focusing on capabilities enables the third party “to assess a CSP’s [cloud service provider’s] system in a shorter amount of time,” and gives “the government a clearer understanding of a provider’s technical capabilities up-front in the assessment process,” according to the blog post.

Conducting the readiness assessment should be a two-to-four week effort for mid-size, straightforward systems, according to the template. The first half of the assessment would focus on information gathering, and the second on analysis and developing the report, according to the template.

“The RAR focuses on key capabilities rather than documentation,” the blog post says.

The public commented on a draft version of the template, and the final version reflects industry feedback, according to the post.

Cloud service providers can use the template immediately, the post says.

New template outlines FedRAMP readiness assessment

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

Salesforce launches ‘Einstein 1’ generative AI tool for government

Top Stories

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

Kiran Ahuja to step down as OPM director

USPTO issues guidance for AI use in applications and processes

How NIH’s National Library of Medicine is testing AI to match patients to clinical trials

GAO budget request puts premium on modernization efforts

Login.gov pilot to include option for biometric verification

More Scoops

New FedRAMP roadmap details imminent plans for modernization

Agency FedRAMP usage increased but challenges persist, watchdog finds

Reimagining tech modernization for the future in government

OMB extends comment period for new FedRAMP guidance

Executive order gives GSA a lead role in executing the administration’s AI vision, Carnahan says

With draft guidance, OMB kickstarts effort to modernize FedRAMP for ‘today’s cloud challenges’

Federal cloud advisory committee sets public meetings to provide recommendations for FedRAMP

Latest Podcasts

New template outlines FedRAMP readiness assessment

World Bank’s Partha Perumbali and Aretec’s Waqas Haq on AI-powered search

Google’s Karen Dahut on the biggest opportunities for AI in the public sector

Elastic’s Chris Townsend on the power AI and cloud computing

Tech

Defense

Cyber

Acquisition