GSA Blog

GSA Blog Logo
image

The next step in getting vendors into FedRAMP

| Matt Goodrich, FedRAMP director
Post filed in: FedRAMP  |  Technology  |  Technology Transformation Services

As part of the FedRAMP Accelerated process, GSA is releasing the FedRAMP Readiness Assessment Report (RAR) Template, which is essentially a pre-audit, enabling cloud providers to demonstrate their readiness to achieve a FedRAMP authorization. This allows the FedRAMP Program Management Office to determine if a cloud service provider (CSP) is ready to pursue a FedRAMP authorization.

CSPs can immediately begin to use this template for Readiness Assessments by FedRAMP Accredited third party assessment organizations (3PAOs). CSPs whose RAR is approved by the FedRAMP PMO are deemed “FedRAMP Ready” in the FedRAMP marketplace. A FedRAMP Ready designation indicates that a CSP is likely to attain a Provisional Authorization to Operate (P-ATO) via the Joint Authorization Board (JAB) or an Authorization to Operate (ATO) by an Agency. The RAR focuses on key capabilities rather than documentation, enabling 3PAOs to assess a CSP’s system in a shorter amount of time and giving the government a clearer understanding of a provider’s technical capabilities up-front in the assessment process.

This final version of the RAR reflects industry feedback received during a public vetting period that began in March 2016, and can now be used to get to FedRAMP Ready. It clearly identifies minimum requirements for CSPs and clarifies guidance for 3PAOs. The template also provides an area to collect information that receives more subjective analysis, and guidance for the 3PAO is now part of the template itself.

The RAR is one of several changes introduced by FedRAMP Accelerated to reduce the cost and effort for both CSPs and the federal government. For questions about the FedRAMP RAR, please contact info@fedramp.gov.