June 6, 2018, Frederick, MD – A2LA is proud to announce the launch of its new Cybersecurity Inspection Body Program. This third-party accreditation offers an independent review of an organization’s compliance to both ISO/IEC 17020 (Requirements for the operation of various types of bodies performing inspections) as well as technical program requirements for the desired scope of accreditation (I.e. SOC II, HIPAA/HITECH, PCI, etc.).
This new program will also incorporate a technical proficiency activity with the Baltimore Cyber Range, a Maryland-based business and state-of-the-art facility to assess competence. Applicant organizations will need to send a team of 3-5 individuals through the range exercise and receive a passing score to proceed with the A2LA application process. Remedial training will be an option should an organization fail but wish to continue.
“We are excited to offer this new opportunity in addition to the existing FedRAMP 3PAO program and continue to expand our growing footprint in the cybersecurity field,” noted Cybersecurity Program contact Ashley Kamauf.
If an organization is interested in becoming a FedRAMP Third Party Assessment Organization (3PAO), they would need to gain accreditation as a Cybersecurity Inspection Body and maintain that accreditation for at least one year before being eligible for FedRAMP 3PAO consideration. The intent of this waiting period is to allow time for the organization's management system to mature and for the organization to demonstrate experience in a similar compliance scheme. In addition to a review by the FedRAMP Program Management Office (PMO), the organization would also need to demonstrate compliance to the R311 FedRAMP specific requirements document and ensure all authorized inspectors in their organization participate in the Baltimore Cyber Range technical proficiency activity.
A2LA is a non-profit, non-governmental, third-party accreditation body, offering internationally-recognized accreditation services and training to testing and calibration laboratories, inspection bodies, proficiency testing providers, reference material producers and product certifiers. A2LA is an innovator in the cybersecurity accreditation marketplace and is currently the sole source provider of accreditation for the Federal Risk and Authorization Management Program (FedRAMP).