Menu
X

3 Routes for CSPs to FedRAMP

CSPsThere are three routes commercial cloud service providers (CSPs) can take to be compliant with the government’s baseline cloud computing standards, known as the Federal Risk and Authorization Management Program (FedRAMP). Although these three routes lead to the same ultimate goal, they can differ in time to accreditation and also differ in cost.

Route to FedRAMP #1

The first route, and the most common for commercial cloud service providers, is gaining a provisional authority to operate or (ATO) from the FedRAMP Joint Authorization Board (JAB). This board is led by CIO’s at the General Sales Administration (GSA), the Department of Defense (DOD), and the Department of Homeland Security (DOS). In addition to an ATO, a FedRAMP-accredited third-party assessment organization (3PAO) is required to complete this process.

Route to FedRAMP #2

The second route comes as an alternate. Agencies can grant an ATO to a CSP, and other agencies can choose to take advantage of this authority and work with the company as well. 3PAOs also work with agency-issued ATOs and work with both parties to make sure security standards are met.

Route to FedRAMP #3

The third route and least common is the CSP Supplied route. In this route, a CSP can hire a FedRAMP-accredited 3PAO to complete all required documentation, testing and security assessments. Once all these procedures are complete, the information is sent to GSA’s FedRAMP office for verification. Very few companies have taken this route, due to high cost, but it is a good option for companies that cannot or do not want to take advantage of existing federal contracts and do not wish to partner with other CSP’s.

At the FedRAMP Industry Fair on June 4, 2014 the GSA released a table, which outlined the approximate time it took to become compliant with the government’s baseline cloud computing standards. This table broke out the three routes toward compliancy, under the categories JAB P-ATO’s (Joint Authorization Board) (provisional authority to operate), Agency ATO’s, and CSP Supplied. The timeframe can be found below:

  1. JAB P-ATO’s: 9+ Months
  2. Agency ATO’s: 4+ Months
  3. CSP Supplied: 6 Weeks

As you can see, the process to become cloud computing compliant becomes quicker, when more money and more energy is spent trying to achieve it. These three paths give options, and these options are for companies to choose. This enables you to ask yourself, what route will you take?

Back To Home
  • [contact-form-7 id="2459" title="Contact form 1"]
  • July 2021
    M T W T F S S
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Blog Categories
    Blog Calendar
    July 2021
    M T W T F S S
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  

    © Copyright 2017 GSA Schedule. GSASchedule.com