Finalizing the Security Assessment
The Finalizing the Security Assessment step involves the tasks and deliverables below. Please refer to the FedRAMP Concept of Operations document for more detailed information.
- CSP compiles the security documents into a single security assessment package, submits it, and attests to the truth of the security control implementations detailed in the package.
- JAB reviews the security assessment package and makes a final risk-based decision on whether to grant a Provisional Authorization.
- CSP systems that receive a Provisional Authorization will be listed on www.FedRAMP.gov. The FedRAMP PMO provides CSPs instructions on how to reapply should they be denied a Provisional Authorization.
| Deliverable | Description |
|---|---|
| Finalized Security Assessment Package | Complete package of all security assessment deliverables and related evidence. |
| Supplier's Declaration of Conformity (SDOC) | CSPs verify and attest to the truth of the implemented security controls as detailed in their security assessment package. |




