Skip to main content

Training

Knowledge sharing is a primary goal for FedRAMP® to ensure all stakeholders understand the FedRAMP requirements and the authorization process.

Training is available in a couple different ways, either by pre-recorded courses on our Youtube page, or via live virtual training. Some courses are mandatory for specific roles in the program, but we urge all stakeholders to review the training materials available. FedRAMP creates training to help stakeholders obtain the knowledge and skills necessary to successfully navigate the FedRAMP process and meet its requirements.

Steps to Watch Training Videos

  1. STEP 1: Select a training link below and watch the training course video on YouTube.
    1. We recommend that you start with 300-0 and proceed sequentially with the subsequent training (300-00 through 300-F) once these courses are made available.
  2. STEP 2: If you wish to take the quiz, please return to this page after watching the video and follow the steps below to take the quiz.

Steps to Take Training Quizzes

  1. STEP 3: Once you have completed the video training course, please select the quiz link below that corresponds to the training course you watched. From there, you will be taken to a Qualtrics page.
  2. STEP 4: Prior to starting the quiz, you will be asked to:
    1. Fill out your first and last name
    2. Provide your work email address
  3. STEP 5: Click enter and then begin the quiz.
  4. STEP 6: Once you complete the quiz:
    1. A certificate of completion will be sent to the email address provided if a score of 80% or higher is achieved.
    2. If the score is below 80%, the participant may retake the quiz again.
  5. STEP 7: Save the certificate for your records.

Note: 3PAO training requirements can be found in the American Association for Laboratory Accreditation (A2LA) R311- Specific Requirements: Federal Risk and Authorization Management Program (FedRAMP). This policy document outlines the requirements for all FedRAMP recognized 3PAOs and organizations seeking A2LA accreditation to be recognized by FedRAMP. To learn more please visit A2LA’s Website.

300-0: 3PAO Obligations and Performance Guide

The 300-0 level training provides an overview of the 3PAO responsibilities, obligations, and performance standards and intends to achieve the following learning objectives:

  • Define the scope of a 3PAO’s roles and responsibilities relating to the FedRAMP assessment process
  • Describe the importance of FedRAMP’s 3PAO obligations and performance standards as outlined in the 3PAO Obligations and Performance Standards document
  • Recall the process required for an Independent Assessment Organization (IAO) to become a FedRAMP recognized 3PAO

Training planned next!

300-A Readiness Assessment Report (RAR) Guidance

300-B Security Assessment Plan (SAP) Guidance

300-C Security Assessment Report (SAR) Guidance

300-D Documenting Evidence Procedures

300-E 3PAO Vulnerability Scanning Methodology and Documentation

300-F Review of Security Assessment Report (SAR) Tables

400-A: ISSO On-Demand Modules

This training is designed for Information System Security Officers (ISSOs) based on FedRAMP’s Agency Authorization Playbook and includes a deep dive into each authorization phase. This course provides ISSOs the knowledge necessary to effectively review FedRAMP Authorization packages for cloud services and understand the FedRAMP framework and available resources.

This course is currently unavailable

Connect with FedRAMP

YouTube

To view videos about general FedRAMP information and both required and optional FedRAMP training, tune into the FedRAMP YouTube channel.

Browse Videos

Newsletter

To receive immediate notification when blogs, the monthly PMO Newsletter, and any important announcements or program updates are released, join the FedRAMP subscriber list.

Subscribe