FedRAMP Agency Authorization Process - Tips, Tricks, and Best Practices
Continuing our efforts to enable transparency for Agencies and Cloud Service Providers (CSPs) alike, the FedRAMP PMO is excited to now provide materials on proven best practices for completion of the FedRAMP Agency Authorization process. The goal of these materials is to provide CSPs and Agencies with guidance that aligns their roles and responsibilities in the FedRAMP Agency Authorization process to tried and true best practices that FedRAMP has defined over the years.
Below are descriptions of each document, as well as links for download.
Agency Authorization - Roles and Responsibilities for FedRAMP, CSPs, and Agencies
Provides a summary review of the roles and responsibilities of the Agency, CSP, and FedRAMP PMO during the agency authorization process, including:
- Summary of key actions for all parties, organized according to the end-to-end lifecycle of both the initial and reuse Agency Authorization processes
- Description of advantages of pursuing an Agency Authorization to Operate (ATO)
- Description of tips and practices to implement while pursuing an ATO
- Description of the distinction between a JAB Provisional ATO (P-ATO) and an Agency ATO
Agency Authorization - Best Practices for Agencies A two-page document developed to provide a concise view of best practices specific to an Agency’s role in the authorization process.
Agency Authorization - Best Practices for CSPs Geared towards CSPs interested in or beginning the Agency Authorization process, this document helps CSPs understand how to:
- Partner with an Agency
- Engage with the FedRAMP PMO
- Plan for an Agency Authorization
- Navigate the Agency Authorization process
We hope these materials will help to align and educate both Agencies and CSPs. If you have additional questions about the Agency Authorization process, please don’t hesitate to reach out to firstname.lastname@example.org.