Skip to main content

Training

The FedRAMP PMO offers a series of online training courses to provide all stakeholders with a deeper understanding of FedRAMP and the level of effort that is required to successfully complete a FedRAMP assessment. This series consists of free e-learning courses geared towards specific stakeholder groups. The FedRAMP PMO encourages everyone to take these trainings, as the courseware provides participants with a holistic view of the FedRAMP process.

To register for the FedRAMP Training Series Curriculum:

  1. Follow this link: https://meet.gsa.gov/fedramp_training/event/registration.html
  2. Fill out the user information to set up an account (password length must be between 16 and 32 characters) and click “View”
  3. Click on your desired course within the FedRAMP Training Series Curriculum that you would like to view and complete

Once you have registered, you will recieve an e-mail confirmation and returning students can login here.

If you have any questions, comments, or concerns about the FedRAMP Training series, please send them to info@fedramp.gov with the subject line: “Regarding FedRAMP Training.”

Learning Paths for All Populations, including CSPs, 3PAOs, and Agencies

image alt text

Path 1: All Stakeholders

100-A: Welcome to FedRAMP

The "Welcome to FedRAMP Course" provides an overview of the FedRAMP program. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This one-hour introductory course in the FedRAMP Training Series is intended for Cloud Service Providers (CSPs) and Third Party Assessment Organizations (3PAOs) who aren’t well acquainted with FedRAMP. This course also serves as an excellent source of information for anyone in government or the private sector who wants to learn more about the program.

Duration: 1 hour

Download a "PDF version" of the "Welcome to FedRAMP" training course.

Path 2: Designed for CSPs and 3PAOs

200-A: FedRAMP System Security Plan (SSP) Required Documents

"FedRAMP System Security Plan (SSP) Required Documents" course module provides CSPs with a deeper understanding of the detail and rigor required by the FedRAMP PMO. It will familiarize you with required documentation for initial package submission and give a detailed overview of FedRAMP’s SSP template and its supporting documents.

Duration: 1 hour

Download a PDF version of the "FedRAMP System Security (SSP) Required Documents" training course.

200-B: Security Assessment Plan (SAP)

The "Security Assessment Plan (SAP)" course module is designed to help FedRAMP Assessors understand how to write specific sections of these documents and the program’s reporting requirements.

Duration: 1 hour

Download a PDF version of the "Security Assessment Plan (SAP)" training course.

200-C: Security Assessment Report (SAR)

The "Security Assessment Report (SAR)" course module is designed to help FedRAMP Assessors understand how to write specific sections of these documents and the program’s reporting requirements.

Duration: 1 hour

Download a PDF version of the "Security Assessment Report (SAR)" training course.

200-D: Continuous Monitoring (ConMon) Overview

The purpose of the "ConMon Overview" training module is to provide guidance on continuous monitoring and ongoing authorization in support of maintaining a security authorization that meets the FedRAMP requirements. This training module is structured for a CSP going through the JAB path with a Third Party Assessment Organization (3PAO), or a 3PAO, conducting an assessment of the Cloud System.

Duration: 1 hour

Download a PDF version of the "Continuous Monitoring (ConMon) Overview" training course.

201-B: How to Write a Control

The "How to Write a Control" course teaches a CSP how to properly write a control that will satisfy the program’s requirements. This training module is structured for a CSP pursuing a JAB authorization with a 3PAO, or a 3PAO, conducting an assessment of the cloud system.

Duration: 1 hour

Download a PDF version of the "How to Write a Control" training course.

Path 3: Designed for 3PAOs

300-A: 3PAO FedRAMP 17020 Requirements: Understanding and Bridging the Gap

The "3PAO FedRAMP 17020 Requirements" course provides 3PAOs with guidance on how FedRAMP requirements apply to ISO/IEC 17020:2012 which specifies requirements for the competence of bodies performing inspection and for the impartiality and consistency of their inspection activities.

This course provides a 3PAO with the FedRAMP requirements overlaid on ISO/IEC 17020.

Duration: 1 hour

Released: June 7th, 2018

300-B: 3PAO Security Assessment Plan (SAP) Guidance

This course provides 3PAOs with guidance on FedRAMP requirements for creating a robust SAP.

Duration: 1 hour

Coming soon.

300-C: 3PAO Security Assessment Report (SAR) Guidance

This course provides 3PAOs with guidance on FedRAMP requirements for creating a robust SAR.

Duration: 1 hour

Coming soon.

300-D: 3PAO Documenting Evidence Procedures

This course provides 3PAOs with guidance on FedRAMP requirements for documenting evidence collected during the assessment and on how to populate the SAR.

Coming soon.

300-E: 3PAO Vulnerability Scanning Methodology and Documentation

This course describes the FedRAMP requirements for conducting vulnerability scanning on a system and teaches how to document results to meet FedRAMP requirements for initial authorization assessments and annual assessments.

Duration: 1 hour

Coming soon.

300-F: 3PAO Review of Security Assessment Report (SAR) Tables

This course provides 3PAOs with guidance on FedRAMP requirements for populating SAR tables to ensure that all tables are correctly populated.

Duration: 2 hours

Coming soon.

300-G: Readiness Assessment Report (RAR) Preparation

The "300-G RAR Preparation" course provides a discussion on how the FedRAMP security requirements must align with a CSP’s system security capabilities before the CSP system can be approved as FedRAMP Ready.

Duration: 1 hour

Download a PDF version of the "Readiness Assessment Report (RAR) Preparation" training course.