Pursuing a FedRAMP® JAB Provisional Authorization
JAB Authorization Process
If the JAB path is the selected authorization process, the first major phase is preparation. There are two steps within this phase: FedRAMP Connect and the readiness assessment, which is required unlike in the agency process. As a part of the FedRAMP connect step a CSP must submit the FedRAMP connect business case and then become prioritized to work with JAB. After this the CSP begins the readiness assessment step, beginning with securing an RAR development which is then reviewed by the FedRAMP PMO. Remediation will take place if needed followed by the issuing of the FedRAMP ready designation.
Once the CSP is prioritized for JAB and FedRAMP ready they may begin the authorization phase. The first step involves securing a full security authorization package which includes deliverables such as the SSP, SAP, SAR, and POA&M. After this starts the next step, the JAB authorization process. After a meeting servicing as a review for the offering is held, periods of time dedicated to remediation, review, and a final review take place. After all of this is complete, the JAB will issue the CSP a P-ATO letter in coordination with becoming FedRAMP authorized.
CSP JAB P-ATO Roles and Responsibilities
This document provides an overview of a CSP’s roles and responsibilities in the JAB P-ATO Process.
JAB Prioritization Criteria and Guidance
This document outlines the criteria by which CSPs are prioritized to work with the JAB, the prioritization process, and the Business Case requirements.
FedRAMP Authorization Boundary Guidance
This document provides CSPs guidance for developing the authorization boundary for their offering(s) which is required for their FedRAMP Authorization package.