The General Services Administration (GSA) has released the FedRAMP Readiness Assessment Report (RAR) Template, a pre-audit enabling cloud providers to demonstrate their readiness to achieve a FedRAMP authorization.
This allows the FedRAMP Program Management Office to determine if a cloud service provider (CSP) is ready to pursue a FedRAMP authorization.
CSPs can immediately begin to use this template for Readiness Assessments by FedRAMP Accredited third party assessment organizations (3PAOs).
CSPs whose RAR is approved by the FedRAMP PMO are deemed “FedRAMP Ready” in the FedRAMP marketplace.
A FedRAMP Ready designation indicates that a CSP is likely to attain a Provisional Authorization to Operate (P-ATO) via the Joint Authorization Board (JAB) or an Authorization to Operate (ATO) by an Agency. The RAR focuses on key capabilities rather than documentation, enabling 3PAOs to assess a CSP’s system in a shorter amount of time and giving the government a clearer understanding of a provider’s technical capabilities up-front in the assessment process.
This final version of the RAR reflects industry feedback received during a public vetting period that began in March 2016, and can now be used to get to FedRAMP Ready.
It clearly identifies minimum requirements for CSPs and clarifies guidance for 3PAOs. The template also provides an area to collect information that receives more subjective analysis, and guidance for the 3PAO is now part of the template itself.