top of page
FedRAMP
Consultancy
HOW WE CAN HELP
Why FedRAMP?
If you have a Cloud Service Offering (CSO) that is being used by the US federal government, you should consider obtaining a FedRAMP Authorization. Cloud services that hold federal data must be FedRAMP Authorized.
How to obtain FedRAMP?
There are two approaches to obtaining a FedRAMP Authorization: a provisional authorization through the Joint Authorization Board (JAB) or an authorization through an agency. Both authorization paths require a security assessment based on Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) 800-53 baselines.
FedRAMP is right for you if:
● You have an interest in selling your CSO to the US federal government.
● Your current federal government customers are asking you to obtain a FedRAMP Authorization.
● You are looking to expand the federal customer footprint by having the ability to market your service as FedRAMP Authorized
What is a System Security Plan (SSP)?
An SSP is the “security blueprint” for the Cloud Service Offering. AKRUP will help you to prepare a well-written SSP, which will allow the reviewer to pull the thread between the system’s architecture, data flows, security control implementations, and
authorization boundary.
Quality SSP is the key to success!
CSPs choose AKRUP as an experienced advisory partner to help develop the SSP. A common barrier to success is a poorly written, incomplete, inaccurate, and/or inconsistent SSP.
Assistance with dealing with AO and 3PAOs
AKRUP will assist you to communicate with US Federal Agency Authorizing Official (AO) and Third Party Assessment Organizations (3PAOs).
bottom of page