Skip to main content

Conducting a FedRAMP Readiness Assessment

The FedRAMP Ready designation indicates that a Third Party Assessment Organization (3PAO) attests to a CSP’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO. The RAR documents the CSP’s capability to meet FedRAMP security requirements and is intended to help vendors, the Joint Authorization Board (JAB), and Agencies have a snapshot of the security posture of a cloud service without the full investment of going through the full FedRAMP process of testing and documentation.

To achieve the FedRAMP Ready designation, a CSP must partner with an accredited 3PAO to complete a readiness assessment of its service offering. At the conclusion of the assessment, the 3PAO delivers a RAR attesting to the CSO’s readiness for the authorization process. RARs are reviewed by the FedRAMP PMO within one business week of submission. Once the RAR is deemed satisfactory by the PMO, the CSO will be designated FedRAMP Ready and advertised in the FedRAMP Marketplace.

Documents Templates Blogs