Homeland Security Consultants is the now the 15th company to become a third party assessment organization, or 3PAO, for FedRAMP, the General Services Administration said on Wednesday.
Known as 3PAOs, the organizations do initial assessments and test the controls of cloud service providers per FedRAMP requirements and provide evidence of compliance. The 3PAOs will also have an ongoing role in ensuring cloud service providers meet requirements.
All vendors who want to provide cloud services to the government must first submit documents detailing how they meet FedRAMP’s 168 security controls to these third-party assessment organizations.
The 3PAOs will review the documents and submit their recommendation to the Joint Authorization Board, which is made up of the chief information officers from GSA and the departments of Defense and Homeland Security.
After reviewing the 3PAO analysis, the JAB decides whether to grant the company an initial authority to operate. The final authority to operate must come from the agency, which is buying the cloud services.