The General Services Administration has created a pre-audit template for cloud service providers and third-party assessment organizations to demonstrate a CSP’s readiness to go through the Federal Risk and Authorization Management Program certification process.
FedRAMP Director Matt Goodrich wrote in a blog entry posted Tuesday that GSA released the FedRAMP Readiness Assessment Report template as part of efforts to accelerate the approval process for commercial cloud offerings that are geared toward government agencies.
“The RAR focuses on key capabilities rather than documentation, enabling 3PAOs to assess a CSP’s system in a shorter amount of time and giving the government a clearer understanding of a provider’s technical capabilities up-front in the assessment process,” Goodrich noted.
He added CSPs who have been deemed “FedRAMP Ready” through their readiness assessment reports are likely to obtain certification from the program’s joint authorization board or a federal agency.
The RAR template is the result of a public vetting period that GSA launched in March 2016 to gather feedback from industry, according to Goodrich.
“The template also provides an area to collect information that receives more subjective analysis, and guidance for the 3PAO is now part of the template itself.”