FedRAMP Third Party Assessment Organizations (3PAO)

A2LA offers accreditation of Third-Party Assessment Organizations (3PAOs) as part of the Federal Risk and Authorization Management Program (FedRAMP).

The Federal Risk and Authorization Management Program (FedRAMP) Project Management Office (PMO) is updating the technical requirements for participation in this program; therefore, A2LA is currently not accepting new applications for the FedRAMP Third-Party Assessment Organization (3PAO) Program. We anticipate that we will begin accepting applications again in the summer of 2017.

 

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. Under the Security Assessment Framework, 3PAOs are required to be accredited by A2LA in order to be recognized by the FedRAMP Project Management Office (PMO). The A2LA assessment process involves a rigorous evaluation of the technical competence of the 3PAOs and of their compliance with international standards.

This specialty program is covered under the A2LA Inspection Body Accreditation Program.

Program Requirements

ISO/IEC 17020 Requirements for the Operation of Various Types of Bodies Performing Inspection
ILAC P15 - Application of ISO/IEC 17020
R311 - Specific Requirements: Federal Risk and Authorization Management Program (FedRAMP)

Information on the FedRAMP process for recognizing cloud services providers may be found on the FedRAMP website.

 

If you are a Cloud Service Provider (CSP) working with an accredited 3PAO, please use the F338 – CSP Evaluation Form to provide feedback on the 3PAO’s performance directly to A2LA and the FedRAMP PMO. The CSP may provide feedback at any time throughout the 3PAO assessment process.
