Vencore is a Federal Risk Authorization and Management Program (FedRAMP℠) accredited Third Party Assessment Organization (3PAO) for conducting security assessments for Cloud Service Providers (CSP).
The Office of Management and Budget (OMB) from the Executive office of the President mandates FedRAMP compliance for all cloud products and services used by federal agencies by June 2014.
Vencore’s 3PAO provides multiple levels of security assessment services for cloud products and services to comply with FedRAMP requirements and achieve a Provisional Authority To Operate (PATO) certification from the FedRAMP Joint Authorization Board (JAB), which can be leveraged by all federal agencies, or Authority To Operate (ATO) certification from specific federal agencies.
Why Vencore’s 3PAO?
Cloud computing offers a unique opportunity for the federal government to take advantage of cutting edge information technologies to dramatically reduce procurement and operating costs and greatly increase the efficiency and effectiveness of services provided to citizens. Consistent with the President’s International Strategy for Cyberspace and Cloud First policy, the adoption and use of information systems operated by cloud service providers (cloud services) by the federal government depends on security, interoperability, portability, reliability and resiliency.
FedRAMP is a government-wide program that provides a standardized approach to security assessment and authorization, as well as continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time and staff required to conduct redundant agency security assessments.
FedRAMP requires that a cloud service provider’s (CSP) services and systems be assessed by an accredited 3PAO. For FedRAMP, the conformity assessment ensures that accredited 3PAOs consistently perform security assessments with the appropriate level of rigor and independence. FedRAMP will only review security assessment packages from CSPs that have been assessed by an accredited 3PAO. In addition to the initial security assessment, 3PAOs perform periodic assessment of CSP systems to provide evidence of compliance and play an ongoing role in ensuring that CSPs continue to meet FedRAMP requirements.
How Can Vencore’s 3PAO Help You?
Vencore’s 3PAO is a FedRAMP accredited third party assessment organization for conducting security assessments for cloud products and services.
Vencore’s 3PAO security assessment team has extensive experience in security control implementation and the evaluation of mission critical information systems for various government agencies. This team has the required certifications and skills to provide clients with the technical, policy and operational insight required for a successful compliance assessment to achieve FedRAMP ATO certification.
For more information, please review our FedRAMP brochure or contact:
3PAO Operational and Project Manager
3PAO Quality Manager
v: 571 521 7718