Skip to main content

Focus on FedRAMP

Reviewing the SAR - Best Practices for 3PAOs, Agencies, and Cloud Service Providers

Cloud Service Providers (CSPs) pursuing a Low, Moderate, or High FedRAMP authorization are required to partner with a Third-Party Assessment Organization (3PAO) to perform an assessment of their cloud service offering. 3PAOs perform comprehensive independent and objective assessments of a CSP’s service offering and document the results of that assessment in the Security Assessment Report (SAR). The FedRAMP PMO has...

Read More

Next CSPs Selected to work with the JAB via FedRAMP Connect

The FedRAMP PMO just completed our most recent round of FedRAMP Connect, the process where Cloud Service Providers (CSPs) are prioritized to work with the Joint Authorization Board (JAB). CSPs that are selected to work with the JAB submitted business cases to the PMO in order to showcase the high demand for their cloud offering across the federal government and...

Read More

FAQs on Updated R311 Requirements

Since we released updates to the “R311-Specific Requirements: FedRAMP” on November 6th, which include new and strengthened qualifications for existing and new 3PAOs, we have received a number of questions from 3PAOs. In order to help 3PAOs fully understand what is required of them, we’ve drafted the FAQs below for your reference. If you have any additional questions that are...

Read More

FedRAMP Welcomes New Team Member to the PMO

FedRAMP is excited to introduce a new member of our Program Management Office (PMO) Team, Brian Conrad! Brian joins FedRAMP after working in industry where he spent over seven years building his IT, cybersecurity, and project management skills supporting various clients across the Department of Defense, including the United States Marine Corps, United States Navy, and the Chief Information Officer...

Read More

3PAO Proficiency Testing Activity Takes Effect in Phased Approach

FedRAMP and A2LA, in partnership with the Baltimore Cyber Range (BCR), is implementing a three-phased approach for FedRAMP Third Party Assessment Organizations (3PAOs) to pass the BCR Cybersecurity Technical Proficiency Activity. It’s the responsibility of each FedRAMP 3PAO to ensure assessors participate in the testing activity and provide a Technical Proficiency Activity Participation Plan to A2LA ( and the FedRAMP...

Read More

Page 2 of 23