The American Association for Laboratory Accreditation (A2LA) has unveiled updated requirements mandatory to third-party assessment organizations (3PAO) of the Federal Risk and Authorization Management Program (FedRAMP).
The updated version of the R311 policy document features new requirements that will be effective immediately and considered in the next A2LA assessment of each 3PAO, FedRAMP said in a blog post published Wednesday.
The new requirements cover personnel qualifications, training plan time durations and subcontracting. The new policy also tasks 3PAOs that have not completed an assessment within a year to undergo an exercise to maintain their FedRAMP authority.
FedRAMP aims to bolster and standardize the security of cloud products used in the federal government. Third-party assessment organizations work to evaluate the compliance of commercial cloud products with FedRAMP standards.
A2LA serves as the accreditation body for FedRAMP 3PAOs.