Finalizing the Security Assessment
The Finalizing the Security Assessment step involves the tasks and deliverables below. Please refer to the FedRAMP Concept of Operations document for more detailed information.
- CSP compiles the security documents into a single security assessment package and submits and attests to the truth of the security control implementations detailed in the security assessment package.
- JAB reviews the security assessment package and makes a final risk-based decision on whether to grant a Provisional Authorization.
- CSP systems that receive a Provisional Authorization will be listed on www.FedRAMP.gov. The FedRAMP PMO provides CSPs instructions on how to reapply should they be denied a Provisional Authorization.
|Finalized Security Assessment Package||Complete package of all security assessment deliverables and related evidence.|
|Supplier's Declaration of Conformity (SDOC)||CSPs verify and attest to the truth of the implemented security controls as detailed in their security assessment package.|