Pursuing a FedRAMP® JAB Provisional Authorization
There are two approaches to obtaining a FedRAMP Authorization, a provisional authorization through the Joint Authorization Board (JAB) or an authorization through an agency. The JAB is the primary governing body for FedRAMP and includes the Department of Defense (DoD), Department of Homeland Security (DHS), and General Services Administration (GSA). The JAB selects approximately 12 cloud products a year to work with for a JAB Provisional Authority to Operate (P-ATO). Additionally, the JAB is responsible for performing the continuous monitoring for all JAB Authorized cloud products.
JAB Authorization Process
Resources
The resources below provide additional guidance on the JAB Provisional Authorization path. Additional technical guidance as well as FedRAMP templates are located on our Documents & Templates page under Resources.
CSP JAB P-ATO Roles and Responsibilities
This document provides an overview of a CSP’s roles and responsibilities in the JAB P-ATO Process.
JAB Prioritization Criteria and Guidance
This document outlines the criteria by which CSPs are prioritized to work with the JAB, the prioritization process, and the Business Case requirements.
FedRAMP Authorization Boundary Guidance
This document provides CSPs guidance for developing the authorization boundary for their offering(s) which is required for their FedRAMP Authorization package.