Federal Risk and Authorization Management Program (FedRAMP) security assessment serves to increase confidence in the security of cloud solutions utilized by the federal government.
FedRAMP is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products/services. To meet the security requirements embedded with FISMA and the NIST publications so that an agency may outsource with the confidence that its cloud provider partner is meeting those requirements.
FedRAMP Authorization Paths
DHS, DoD, and GSA CIOs rigorously review CSP packages for an acceptable risk posture using a standard baseline approach
Provides provisional authorizations to operate for use across the federal government
A CSP may submit the appropriate documentation to the FedRAMP PMO and to an Agency
Agencies have varying levels of risk acceptance however, they may grant an ATO
Packages are reviewed by at least one agency and determined to be FedRAMP Compliant by the reviewing agency resulting in an Agency ATO
CSPs may supply a security package to the FedRAMP PMO for prospective agency use
CSPs complete the FedRAMP SAF independently, instead of through the JAB or through a Federal agency
CSPs will not have an authorization at the completion, but will have a FedRAMP Compliant package available for leveraging
FedRAMP Authorization Process
How Elevate Can Help
Regardless of the path chosen and/or stage of the authorization process, Elevate can help your organization meet its FedRAMP goals by performing all the readiness services prior to the visit from the 3PAO and to prepare to final package preparation to the agency. Specifically the following:
By assisting in the completion of documentation and identification of necessary controls, Elevate can reduce the time it takes to achieve your authorization to operate (ATO).
Elevate offers a FedRAMP pre-assessment to assist organizations in benchmarking the CSP’s current environment against FedRAMP controls, determining if the CSP is prepared for the security assessment, and addressing known issues prior to beginning the assessment.