U.S. flag

An official website of the United States government

Archive Icon The content on this page is archived. For more up-to-date information, go to fedramp.gov.
Warning Icon

Important Notice

FedRAMP is operating mission-essential functions only due to the government shutdown. Please visit fedramp.gov/shutdown for more information.
Rev5 Training

Rev5 Training

Knowledge sharing is a primary goal for FedRAMP® to ensure all stakeholders understand the FedRAMP requirements and the authorization process.

Training is available in a couple different ways, either by pre-recorded courses on our Youtube page, or via live virtual training. Some courses are mandatory for specific roles in the program, but we urge all stakeholders to review the training materials available. FedRAMP creates training to help stakeholders obtain the knowledge and skills necessary to successfully navigate the FedRAMP process and meet its requirements.

Cloud Service Providers

These courses are designed to help cloud service providers (CSPs) understand the requirements of security package development as well as give a detailed overview of the required templates and supporting documentation.

See below for an overview of each of the CSP 200 level courses.

CourseDescriptionDurationCourse Resources
200-A: FedRAMP System Security Plan (SSP) Required Documents (Revised July 2021)This course provides CSPs with a deeper understanding of the detail and rigor required to complete a System Security Plan (SSP). A SSP is the main document of a security package in which a CSP describes all of the security controls, in use on the information system, and their implementation. This course will familiarize a CSP with the required documentation, for initial package submission, and give a detailed overview of FedRAMP’s SSP template and its supporting documents.32 minsCourse PDF
200-B: Security Assessment Plan (SAP)This course is designed to help FedRAMP recognized 3PAO assessors understand how to write specific sections of a Security Assessment Plan (SAP) document, which contains the test plan to assess the security controls of a system. In addition, this course will cover the program’s reporting requirements for a SAP.32 minsCourse PDF
200-C: Security Assessment Report (SAR)This course is designed to help FedRAMP recognized 3PAO assessors understand how to write specific sections of a Security Assessment Report (SAR). The SAR is required by FedRAMP to evaluate a system’s implementation of, and compliance with, FedRAMP’s baseline security controls.36 minsCourse PDF
200-D: Continuous Monitoring OverviewThis course provides guidance on continuous monitoring and ongoing authorization in support of maintaining a security authorization that meets FedRAMP requirements.33 minsCourse PDF
201-B: How to Write a ControlThis course gives an overview to a CSP of how to properly write a control that will satisfy the program’s requirements. This course is designed for a CSP pursuing a FedRAMP authorization, or a FedRAMP recognized 3PAO conducting an assessment of a cloud system.42 minsCourse PDF

Third Party Assessors

FedRAMP recognized third party assessment organizations (3PAOs) provide the insight and expertise necessary to successfully complete a FedRAMP assessment of a cloud service offering (CSO). These online modules are mandatory for all FedRAMP recognized 3PAO assessment team members; however, other stakeholders can use these modules as an excellent source to brush up on FedRAMP assessment review processes and requirements.

FedRAMP recognized 3PAO assessment team members are required to take these trainings and successfully pass the quizzes at the end of each course. A certificate of completion is provided to participants who pass each quiz with an 80% or higher. If the score is below 80%, the participant may retake the quiz.

Outlined below are the steps to view the 3PAO training courses:

Steps to Watch Training Videos

  1. Select a training link below and watch the training course video on YouTube. We recommend that you start with 300-0 and proceed sequentially with the subsequent training (300-00 through 300-F) once these courses are made available.
  2. If you wish to take the quiz, please return to this page after watching the video and follow the steps below to take the quiz.

Steps to Take Training Quizzes

  1. Once you have completed the video training course, please select the quiz link below that corresponds to the training course you watched. From there, you will be taken to a Qualtrics page.
  2. Prior to starting the quiz, you will be asked to fill out your first and last name and provide your work email address
  3. Click enter and then begin the quiz.
  4. Once you complete the quiz, a certificate of completion will be sent to the email address provided if a score of 80% or higher is achieved. If the score is below 80%, the participant may retake the quiz.
  5. Save the certificate for your records.

Note: 3PAO training requirements can be found in the American Association for Laboratory Accreditation (A2LA) R311- Specific Requirements: Federal Risk and Authorization Management Program (FedRAMP). This policy document outlines the requirements for all FedRAMP recognized 3PAOs and organizations seeking A2LA accreditation to be recognized by FedRAMP. To learn more please visit A2LA’s Website.

CourseDescriptionDurationCourse Resources
300-0: 3PAO Obligations and Performance GuideThe 300-0 level training provides an overview of the 3PAO responsibilities, obligations, and performance standards and intends to define the scope of a 3PAO’s roles and responsibilities relating to the FedRAMP assessment process, describe the importance of FedRAMP’s 3PAO obligations and performance standards as outlined in the 3PAO Obligations and Performance Standards document, and detail the process required for an Independent Assessment Organization (IAO) to become a FedRAMP recognized 3PAO41 minsCourse PDF

Federal Agencies

These training videos provide agency stakeholders with tips and best practices to successfully implement the FedRAMP Authorization process.

These courses are currently unavailable.