New FedRAMP Readiness Assessment Report for High and Moderate Impact Systems
We recently released version 1.0 of the High Baseline Readiness Assessment Report (RAR) Template which is available for immediate use by CSPs and 3PAOs for assessing a system’s readiness to achieve a FedRAMP High authorization.
Additionally, we incorporated updates to the Moderate RAR Template by incorporating a number of instructions with added clarity and areas where the PMO needs additional information to make an informed FedRAMP Ready decision.
The FedRAMP High RAR Template places emphasis on the use of automated mechanisms for control implementations and addresses the following key items required for an authorization at the high impact level:
The requirement to include all services of the system to reside within the authorization boundary
The requirement for authentication mechanisms meeting eAuth Level 4 requirements
High controls that have been identified as particularly challenging , either in terms of cost or technical complexity
All RARs submitted to the FedRAMP PMO must use this new version of the template immediately.
We have also posted a Readiness Assessment Report (RAR) Guide for 3PAOs, which outlines how to best utilize the RAR. This guide provides a shared understanding of the RAR’s intent, process, and best practices to improve the likelihood of 3PAOs successfully completing the RAR.
Please reference this guide if you have any questions, and if you need additional clarification feel free to reach out to email@example.com.