Types of FedRAMP® Resources Available
Learning is a core component of FedRAMP. FedRAMP provides online courses and videos to inform our stakeholders every step of the way. This page captures the various learning opportunities FedRAMP provides to the community.
Deep-dive courses on various elements of the authorization process and what’s required of specific stakeholder groups. These online courses are available to all stakeholders to better understand the FedRAMP Authorization process.
In-Person Trainings and Events
The FedRAMP Program Management Office (PMO) provides hands-on training opportunities on specific topics for all audiences. To receive announcements for in-person trainings, please subscribe for email updates.
These online courses consist of on-demand modules designed for specific stakeholder groups. Each course provides an in-depth focus around a specific step in the FedRAMP Authorization process. Throughout each course, stakeholders will gain a better understanding of roles and responsibilities, security requirements, and best practices.
Cloud Service Providers
200-A: FedRAMP System Security Plan (SSP) Required Documents (Revised July 2021)
This course provides CSPs with a deeper understanding of the detail and rigor required to complete the System Security Plan (SSP). The SSP is the main document of a security package in which a CSP describes all of the security controls in use on the information system and their implementation. This course will familiarize the CSP with the required documentation for initial package submission and give a detailed overview of FedRAMP’s SSP template and its supporting documents.
200-B: Security Assessment Plan (SAP)
This module is designed to help FedRAMP Assessors understand how to write specific sections of the Security Assessment Plan (SAP) documents which contain the test plan to assess the security controls of a system. In addition, this course will cover the program’s reporting requirements for the SAP.
200-C: Security Assessment Report (SAR)
This course is designed to help FedRAMP Assessors understand how to write specific sections of the Security Assessment Report (SAR). The SAR is required by FedRAMP to evaluate the system’s implementation of, and compliance with, the FedRAMP baseline security controls, and thus the system’s compliance with Federal Information Security Modernization Act (FISMA) security mandates.
200-D: Continuous Monitoring Overview
This course provides guidance on continuous monitoring and ongoing authorization in support of maintaining a security authorization that meets the FedRAMP requirements. This course is structured for a CSP going through the JAB path with a Third Party Assessment Organization (3PAO), or a 3PAO, conducting an assessment of the cloud system.
201-B: How to Write a Control
This course gives an overview for a CSP of how to properly write a control that will satisfy the program’s requirements. This course is designed for a CSP pursuing a JAB Authorization with a 3PAO, or a 3PAO conducting an assessment of the cloud system.
Third Party Assessors
The PMO is updating the FedRAMP 3PAO Training Modules and the current series is temporarily unavailable. This effort is to make sure the training content is up to date and the training series is more easily accessible to all partnering stakeholders. The PMO is working hard to ensure that the training content is available, but is also taking this time to update the quality and usability of the training materials. We will provide regular updates on this page and by email as we solidify details and dates for the new training release. If you have any time sensitive questions or concerns, please reach out to info@fedRAMP.gov with the subject line: 3PAO Training.
400-A: ISSO On-Demand Modules
This training is designed for Information System Security Officers (ISSOs) based on FedRAMP’s Agency Authorization Playbook and includes a deep dive into each authorization phase. This course provides ISSOs the knowledge necessary to effectively review FedRAMP Authorization packages for cloud services and understand the FedRAMP framework and available resources.
This course is currently unavailable