SecureState’s methodology follows the one set out in the FedRAMP directive. As with FISMA, our team follows a four-phase process when building security packages for FedRAMP.
The FedRAMP assessment process begins when an agency or Cloud Service Provider (CSP) initiates a security authorization using FedRAMP requirements. These requirements are FISMA-compliant and based on the NIST 800-53 standards.
CSPs implement the FedRAMP requirements within their environment and hire a FedRAMP-approved third-party assessment organization (3PAO) to perform an independent assessment that audits the cloud system and provides a security assessment package for review.
The FedRAMP Joint Authorization Board (JAB) will review the security assessment package based on a prioritized approach and may grant a provisional authorization.
Federal agencies can leverage CSP authorization packages for review when granting an agency Authority to Operate (ATO), saving time and money.