Cloud service providers (CSPs) seeking a FedRAMP Authority to Operate (ATO) face an assessment process that is more technically rigorous and more closely scrutinized than most organizations are used to, even more so than the one used to meet FISMA requirements. FedRAMP is often referred to as a “high bar” for security in the cloud.
A FedRAMP assessment is more rigorous than a FISMA assessment, as illustrated by the additional controls and control enhancements that must be implemented and tested.
| Impact System Level | FISMA Assessment based on NIST 800-53 Rev 4 |
How Coalfire can Help
Coalfire is the leading FedRAMP-accredited Third-Party Assessment Organization (3PAO), having completed more than 70 assessments resulting in JAB Provisional or agency authorizations for our cloud service provider (CSP) clients.
The FedRAMP assessment includes:
Each of these is documented in the Security Assessment Report (SAR), which is provided to the FedRAMP JAB or sponsoring agency to make a decision regarding issuance of an Authority to Operate (ATO).
CSPs that serve or want to serve DoD clients must meet the Department of Defense Cloud Security Requirements Guide (DoD SRG) for the designated Impact Level. This is an additional service that can be done in parallel with a FedRAMP assessment for a moderate impact level system or higher.
Why Choose Coalfire for your FedRAMP Assessment
- Coalfire is an accredited third-party assessment organization (3PAO). All 3PAOs are accredited by the American Association for Laboratory Accreditation (A2LA) to conduct assessments of CSPs that are required to meet the security requirements outlined by the FedRAMP program to provide secure cloud services to government agencies.
- We know the process and best practices because we understand FedRAMP requirements and how the JAB interprets controls.
- Our team is highly experienced in NIST 800-53 and DoD requirements, and how they relate to commercial cloud environments.
- Coalfire has been providing assessment services since 2001.