FedRAMP Launches New 300-B Training
We’re excited to launch the next course in the Third Party Assessment Organization (3PAO) Training Series focused on the Security Assessment Plan (SAP). This 300 level training series provides 3PAOs and other interested stakeholders with a deeper understanding of FedRAMP’s requirements and the level of effort (LOE) required to satisfactorily plan and perform a FedRAMP security assessment.
In this new training course, we’ll focus on the importance of the SAP and how it should be used as a roadmap for conducting the assessment of a Cloud Service Offering (CSO). You’ll gain better understanding around developing the plan and the necessary components of both the initial and annual SAPs.
This course will cover information about:
- The initial SAP as a full assessment of the entire security boundary
- Types of controls to be assessed in the annual SAP
- Timeliness and quality of testing including penetration testing, vulnerability scanning, and security controls testing
- Approach to how alternative implementations will be assessed in the SAP
- Type of assessment tools used for testing to be identified
- The Penetration Testing Plan and methodology to to comply with all requirements identified in the FedRAMP Penetration Testing Guidance
The goal of these trainings is to focus on specific functions, processes, procedures, policies, and/or guidance needed for 3PAOs to successfully complete their assessment. There is a final quiz when the course has been completed and a certificate of completion is provided to those students who complete the course and pass the final quiz. Please use Google Chrome or Mozilla Firefox to ensure your certificate is generated at the conclusion of the module.
For more information about the FedRAMP training series curriculum, please visit our training web page.