Understanding initial authorization and FedRAMP processes

Join Jim Masella, VP, Advisory Services, Coalfire, as he provides valuable insights into the process of becoming an initial authorizing agency for FedRAMP, including the associated costs and resources.

The presentation showcases successful agencies and explains the concept of being "in-process," and covers the steps to obtain an ATO along with the requirements for being considered "in-process." The presentation clarifies the role of the initial authorizing agency, distinguishes it from the agency sponsor, and explains the individual risk review and authorization process.

Furthermore, Jim discusses commonly asked questions about the authorization process, responsibilities of the initial authorizing agency, and the role of FedRAMP in ensuring security are addressed. The relationship between FedRAMP and NIST FISMA baseline controls, the distinction between ATOs and Authorization to Use (ATU), and the importance of maintaining an active ATO with the FedRAMP PMO for cloud service offerings are explored. Jim also provides a comprehensive understanding of the initial authorization process, resource requirements, and key considerations for agencies pursuing or maintaining FedRAMP ATOs.