Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.
Agency roles in FedRAMP
Initiate - The agency checks whether the CSP has an existing ATO from the JAB or other agencies. If yes, it asks for the SA&A package for review; if no, it initiates a request to tell the FedRAMP PMO whether the CSP will be pursuing an agency ATO or a JAB ATO.
Apply
Authorize - The agency needs to review the SA&A package (SAR, POAM and SSP) to either issue an ATO, issue an Interim ATO, deny an ATO, or leverage an existing ATO from the JAB (Agency ATO or JAB ATO).
Monitor
Agency reviews continuous monitoring artifacts available in the FedRAMP secure repository periodically
Report – The agency reports CSPs that it thinks cannot meet FedRAMP requirements.