- Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.
- Agencies roles in FedRAMP
- Initiate-Agency checks whether CSP has an existing ATO from JAB/other agencies if yes, asks for the SA&A package for review, if NO initiate a request to tell FeRAMP PMO whether CSP will be pursing an agency ATO or JAB ATO
- Authorize-The agency needs to review SA&A package (SAR, POAM and SSP) to either issue an ATO, Interim ATO, Denial an ATO or leverage existing ATO from JAB-(Agency ATO or JAB ATO)
- Agency reviews continuous monitoring artifacts available in the FedRAMP secure repository periodically
- Report– Agency reports CSP who they think cannot meet FeRAMP requirement
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!