FedRAMP Updates 3PAO Requirements

Wednesday, November 14, 2018 2:00 PM – 3:00 PM ET

Hosted by FedRAMP and DigitalGov University

FedRAMP, in partnership with the American Association for Laboratory Accreditation (A2LA), updated the “R311 -Specific Requirements: FedRAMP,” which includes new and strengthened qualifications for existing and new 3PAOs.

Key updates:

  • Incorporation of the R346 – Specific Requirements: Baltimore Cyber Range (BCR) Cybersecurity Technical Proficiency Activity Information, which requires all 3PAO assessors to take a hands-on proficiency exercise, conducted by the Baltimore Cyber Range (BCR), at initial accreditation and annually thereafter
  • Accreditation to ISO/IEC 17020, under the A2LA Cybersecurity Inspection Body Program, for a period of one year as evidence of implementation of a 3PAO’s quality management system
  • Forty hours of Continuing Professional Education (CPE) or equivalent for each 3PAO assessment team member
  • Regular FedRAMP PMO touch-points with 3PAOs and CSPs for feedback on deliverables and customer experience
  • Guidance for non U.S. based 3PAO personnel and/or OCONUS operations

Questions about this event or future FedRAMP events? Send them to info@fedramp.gov