U.S. flag

An official website of the United States government

Archive Icon The content on this page is archived. For more up-to-date information, go to fedramp.gov.
Warning Icon

Important Notice

FedRAMP is operating mission-essential functions only due to the government shutdown. Please visit fedramp.gov/shutdown for more information.
A2LA Updates the R311

A2LA Updates the R311

September 18, 2023

The American Association for Laboratory Accreditation (A2LA) recently released an updated version of the A2LA R311 — Specific Requirements: Federal Risk and Authorization Management Program (FedRAMP). This policy document specifies the requirements for all FedRAMP recognized third party assessment organizations (3PAOs) and organizations seeking FedRAMP recognition.

The key updates to the R311 include:

  • Adding additional certification options for the penetration tester role
  • Shifting the A2LA F337 and F338 feedback forms from a PDF to digital format to allow for easier completion by cloud providers and 3PAOs
  • Requiring 3PAOs to report any foreign ownership, control, or influence (FOCI) operations utilizing the FedRAMP 3PAO FOCI Declaration Form as part of initial and subsequent renewal applications
  • Clarifying that if a 3PAO is revoked twice by FedRAMP, the 3PAO is no longer eligible to be recognized by FedRAMP

To learn more about the changes, please visit A2LA’s website, and please reach out to FedRAMP@a2la.org with any questions.