Transparency in the operation of FedRAMP was a key theme at GSA’s December 16th Industry Event. GSA and NIST officials emphasized that the FedRAMP program would operate transparently and that applicable standards and requirements would be public. The officials also emphasized that the program’s “do once, use many times” framework for security assessment, authorization and continuous monitoring was designed to avoid redundant security assessments, thus saving “significant cost, time and resources.”
The Center for Regulatory Effectiveness, operating in its capacity as a Regulatory Watchdog, will be scrutinizing and reporting on the rollout and implementation of FedRAMP by all participants in the process. CRE may take additional actions, if warranted, to ensure that FedRAMP achieves its economic and security objectives.
Attached below is a copy of the FedRAMP Third Party Assessment Organization (3PAO) Program Description.