Tech

New template outlines FedRAMP readiness assessment

The General Services Administration's Federal Risk and Authorization Management Program dropped Tuesday the final version of its Readiness Assessment Report template, an avenue for cloud providers to show they are ready to start the certification process.

By Samantha Ehlinger

August 9, 2016

(iStockPhoto)

The General Services Administration’s Federal Risk and Authorization Management Program dropped Tuesday the final version of its Readiness Assessment Report template, an avenue for cloud providers to show they are ready to start the certification process.

FedRAMP-accredited third-party assessment organizations will fill out the report when they are conducting what is basically a pre-audit to deem cloud service providers “FedRAMP Ready.” The FedRAMP Program Management Office must then approve the report.

The new template is part of recent efforts to speed the process to get certified called FedRAMP Accelerated.

The report template published Tuesday lays out minimum requirements for the providers while giving guidance to the third-party assessors, according to the GSA blog post.

Being FedRAMP Ready signals the provider is likely to get a provisional authorization to operate, or P-ATO, via the Joint Authorization Board or an authorization to operate by an agency, the blog post says.

This process allows the government to assess the providers’ capabilities before they go through a lengthy documentation process to get certified.

Focusing on capabilities enables the third party “to assess a CSP’s [cloud service provider’s] system in a shorter amount of time,” and gives “the government a clearer understanding of a provider’s technical capabilities up-front in the assessment process,” according to the blog post.

Conducting the readiness assessment should be a two-to-four week effort for mid-size, straightforward systems, according to the template. The first half of the assessment would focus on information gathering, and the second on analysis and developing the report, according to the template.

“The RAR focuses on key capabilities rather than documentation,” the blog post says.

The public commented on a draft version of the template, and the final version reflects industry feedback, according to the post.

Cloud service providers can use the template immediately, the post says.

New template outlines FedRAMP readiness assessment

More Like This

DOJ, OPM get TMF boost to modernize legacy IT

A better way for agencies to integrate their Salesforce data within their operations

Decentralizing digital infrastructure: the path to resilient and responsive government services

Top Stories

Federal law enforcement officials make the case for expanded drone authorities

Inside the SEC’s AI approach: Spotting risks, building on machine-learning past

From translation to email drafting, State Department turns to AI to assist workforce

Senate Republican’s DOGE Acts would codify Schedule F, freeze federal hiring and salaries

OPM will use AI to modernize legacy IT system over a two-year period

How the Global Engagement Center hopes to fight deepfakes abroad

Trump picks venture capitalist David Sacks as ‘AI & Crypto Czar’

Agency software purchasing bill passes House

More Scoops

Anthropic model subject of first joint evaluation by US, UK AI Safety Institutes

Anthropic eyes FedRAMP accreditation in quest to sell more AI to government

OpenAI further expands its generative AI work with the federal government

FedRAMP’s new director has big plans for the cloud compliance program

Data, talent, funding among top barriers for federal agency AI implementation

FITARA scorecard sees sweeping improvements, as agencies look ahead to FedRAMP, AI hiring

Prioritization, agility key to post-quantum standards implementation, US officials say

Latest Podcasts

Extreme Weather, AI, and Infrastructure Resilience: Insights from CISA ISD Chief Meteorologist Sunny Wescott

OPM is using AI to modernize its legacy COBOL-coded systems; DOD to award $50M to accelerate development of emerging tech projects

Marsha Blackburn’s DOGE Acts would codify Schedule F, freeze federal hiring and salaries; Defense committees agree on independent cyber force assessment in 2025 NDAA

Trump names an ‘AI & Crypto Czar;’ Agencies are falling short on IoT cybersecurity compliance

Tech

Defense

Cyber

FedScoop TV