Sorry, you need to enable JavaScript to visit this website.
Electrosoft Launches FedRAMP Practice for Cloud Security December 7, 2012

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that was established to help streamline security assessments for Cloud Service Providers (CSP).  FedRAMP strives to accelerate the adoption of secure cloud solutions by increasing confidence in the security of cloud solutions – it imposes a consistent, streamlined approach for performing security assessments and authorizations to reduce organizational cost and time in implementing cloud based solutions.

As an approved FedRAMP Third Party Assessor Organization (3PAO), Electrosoft has launched its FedRAMP Practice. We apply structured processes complemented with our extensive experience in the FISMA/FedRAMP arena to help CSPs obtain Provisional Authorization to Operate (ATO) from the FedRAMP Joint Authorization Board (JAB).  We assist CSPs through one of two possible paths:

          i)  Assist the CSP to get ready for a FedRAMP assessment by a 3PAO

          ii) Conduct an independent assessment of the CSP as a 3PAO

A typical CSP who embarks on this task on their own can take up to 24 months just to get ready for the assessment  and another 6 to 12 months to complete the assessment, correct the identified issues and resubmit to successfully obtain Provisional ATO status.  Electrosoft can get CSPs ready for a FedRAMP assessment in as little as 3 to 6 months and perform an independent assessment in 1-3 months.

Currently, each Federal agency manages its own security risks and handles security assessments for Information Technology (IT) systems slightly differently.  The problem agencies are facing is that if one agency has already vetted and authorized an IT system to operate in their environment, a second agency using the same IT system performs their own security assessment even though that system has already been tested and authorized to operate by another agency.  This costly, repetitive and inefficient process lacks the unified and government-wide risk management framework that FedRAMP provides.

To find out more information on what we can do for you in regards to any aspect of the 3PAO process please email us at:

Click Here for more information regarding Electrosoft’s FedRAMP Practice and how we can assist with your cloud security needs.

 -Vince Johnson

Return to Electroblog