FedRAMP Updates 3PAO Requirements

FedRAMP, in partnership with the American Association for Laboratory Accreditation (A2LA), updated the “R311 – Specific Requirements: FedRAMP,” which includes new and strengthened qualifications for existing and new 3PAOs.

The key updates are as follows:

- Incorporation of the R346 – Specific Requirements: Baltimore Cyber Range (BCR) Cybersecurity Technical Proficiency Activity Information, which requires all 3PAO assessors to take a hands-on proficiency exercise, conducted by the Baltimore Cyber Range (BCR), at initial accreditation and annually thereafter
- Accreditation to ISO/IEC 17020, under the A2LA Cybersecurity Inspection Body Program, for a period of one year as evidence of implementation of a 3PAO’s quality management system
- Forty hours of Continuing Professional Education (CPE) or equivalent for each 3PAO assessment team member
- Regular FedRAMP PMO touch-points with 3PAOs and CSPs for feedback on deliverables and customer experience
- Guidance for non-U.S.-based 3PAO personnel and/or OCONUS operations


CBPN Editor
