Becoming a 3PAO
FedRAMP uses a conformity assessment process to accredit 3PAOs. To become an accredited 3PAO under FedRAMP, 3PAOs have to submit application materials that demonstrate that they meet:
- Demonstrated technical competence in the security assessment of cloud-based information systems; and
- The requirements based on ISO/IEC 17020:1998 for organizations performing inspections.
FedRAMP has initiated the necessary steps to transition to a private sector accreditation body as described in the FedRAMP Third Party Assessment Organization (3PAO) Program Description v1.0 October 1, 2011. As such, effective March 25, 2013, FedRAMP stopped accepting new application packages from organizations applying to become accredited Third Party Assessment Organizations (3PAO). In addition, effective March 25, 2013, FedRAMP stopped accepting any resubmitted application packages from previous applicants in response to letters of non-conformity from the FedRAMP PMO. After the transition period, organizations interested in being accredited 3PAOs will apply through the selected accreditation body’s process.
More information about this update can be found at http://1.usa.gov/VAHwGl .
Questions can be sent to 3PAO@fedramp.gov.
FEDRAMP 3PAO REQUIREMENTS
Click Here to Review Requirements