
Focus on FedRAMP

FedRAMP Hosts its First 3PAO Workshop!

On Friday, March 30th, the FedRAMP PMO held a workshop with our accredited 3PAO vendors. The workshop consisted of a morning plenary session, which shared reasons for updating the 3PAO requirements, insight into new FedRAMP policy updates, and an overview of common pitfalls of current assessments and how to avoid them. Following the morning briefing, the FedRAMP PMO met with 3PAOs one-on-one to receive feedback on the updated requirements and to review any other issues 3PAOs are facing.

In all, 65 attendees from 32 3PAOs joined the 3PAO Workshop. The goal is to continue to provide these workshops for 3PAOs to connect with each other, share lessons learned in security and implementation, and build relationships.

Here are some of the key takeaways from the workshop:

Why We’re Updating

The FedRAMP PMO is working with our partner A2LA to update 3PAO accreditation requirements to ensure a more consistent assessment experience program-wide.

What We’re Updating

Overall, the new updates require 3PAOs to:

  1. Participate in mandatory trainings
  2. Ensure 3PAO contract employees are held to the same standard as employees of their firm
  3. Strengthen the quality management system

Additionally, the updated 3PAO requirements expand the scope of accreditation beyond organizations to include hands-on assessment exercises for individual assessors and teams.

Tips and Tricks

The FedRAMP PMO also shared “Tips and Tricks” on how to best maintain accreditation, including (but not limited to):

Next Steps

Following the 3PAO Workshop, all 3PAOs received the updated requirements as well as the workshop slides via email. 3PAOs have until COB Friday, April 13th to review the proposed updates to the requirements and provide comments and any feedback to the PMO. FedRAMP plans to officially release the updated requirements in mid-May.

Tiger Teams

Finally, as part of the requirements updates, the PMO will begin convening tiger teams to help strengthen 3PAO performance and address issues 3PAOs face in their assessments (contracting, new guidance documents, templates, training needs). If you are interested in participating in a tiger team, please let us know by emailing info@fedramp.gov!

Thank you to everyone who attended the 3PAO Workshop! We look forward to the next one. If you have any questions regarding the workshop or new requirements, please contact us at info@fedramp.gov.