FedRAMP JAB Business Case extended

Abel Sussman, Senior Project Manager, Commercial Services, Coalfire

The FedRAMP Business Case for being considered for this cycle of the Joint Authorization Board (JAB) has been pushed out to August 31 at 5:00pm eastern. The additional time is to accommodate the large number of requests to document demand verification. Earlier the JAB has stated that federal demand across the U.S. government is the primary selection criteria for cloud service providers to be selected. This demand can be shown in current customers, on premise customers interested in a cloud offering, and potential customers documented through RFI/RFPs. 

Other preferential criteria are:

  • Alignment with OMB priorities: Trusted Internet Connections, IPv6, HSPD-12
  • Government only clouds
  • Offering at the FedRAMP High security risk level
  • Proven organizational maturity (CMMI Level 3+, ISO Organizational Certifications, etc.
  • Prior experience with federal security authorizations (including the use of a 3PAO in a consulting capacity)
  • Dependencies from other Cloud Service Offerings (such as Infrastructure as a Service, or Platform as a Service).

You can review the JAB application at the following link: https://gsa-burra.formstack.com/forms/fedramp_business_case_for_jab_prioritization

For Cloud Service Providers unable to meet the August 31st deadline, the JAB expects another opportunity to submit in December 2017.

Coalfire is the leading FedRAMP 3PAO and has experience in reviewing JAB applications to assure that cloud service providers highlight their value and implemented security features. We can perform a quality assurance check of your application ahead of submission.

Abel Sussman


Abel Sussman — Senior Project Manager, Commercial Services, Coalfire

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS