Our Approach and Methodology
SecureState’s methodology follows that within the FedRAMP directive. Our
team follows a very similar process to those laid out within FISMA while
building security packages for FedRAMP. FedRAMP follows a four phase
The FedRAMP assessment process is initiated by an agency or Cloud Service
Provider (CSP) beginning a security authorization using FedRAMP requirements
which are FISMA compliant and based on the NIST 800-53 standards and
initiating work with the FedRAMP PMO.
CSPs implement the FedRAMP requirements within their environment and hire
a FedRAMP approved third party assessment organization (3PAO) to perform an
independent assessment to audit the cloud system and provide a security
assessment package for review.
The FedRAMP Joint Authorization Board (JAB) will review the security
assessment package based on a prioritized approach and may grant a
Federal agencies can leverage CSP authorization packages for review when
granting an agency Authority to Operate (ATO) saving time and money.