A Federal Risk and Authorization Management Program office plans to add a “readiness capabilities assessment” to the FedRAMP process in an effort to help vendors demonstrate their cloud technology and service offerings early on.
The revamped process will require cloud service providers who seek a FedRAMP Ready status to complete a system evaluation with a third-party assessment organization rather than going through documentation reviews by the FedRAMP’s program management office, according to an announcement published Monday.
The program aims to help “CSPs and agencies to achieve FedRAMP authorizations faster without negatively impacting risk and quality of security packages.”
The FedRAMP PMO has also started to gather industry comments on draft versions of the FedRAMP Readiness Assessment Report Template and the FedRAMP Readiness Assessment Guidance.
CSPs and 3PAOs can submit their input for those documents through April 29.