I was happy to participate in a webinar a few weeks ago with my colleague, Corey Clements, director, FedRAMP 3PAO and Advisory for SecureIT.
The session was called “I’m Ready for My FedRAMP Assessment, Now What?” and gave some real insight into what companies should expect during the FedRAMP assessment process, and what you can expect while working with your Third-Party Assessment Organization (3PAO). We covered a number of topics, including:
- How testing is conducted during your initial assessment
- What type of evidence a 3PAO will be requesting
- The information your 3PAO will need to complete a Security Assessment Report (SAR)
- Why the System Security Plan (SSP) and SAR are so critical
- What you need to know about “High Vulnerabilities” and what remediation steps can be taken if they’re found
This webinar is beneficial to those going through the assessment process, and even those just starting their FedRAMP journey. Based on my involvement with the FedRAMP process, and Corey’s work as a specialist and 3PAO, our examples and advice come from real-life experience that can help make your assessment journey easier.
Some of the questions we answered during this webinar are:
- How long does it take to complete the assessment?
- Can you fix any issues discovered during the assessment prior to assessment completion?
- What is the difference between penetration testing and vulnerability scanning?
- Why is the Plan of Actions and Milestones (POA&M) critical for success during the FedRAMP authorization process?
- What happens after the initial assessment?
We offer an on-demand version of “I’m Ready for My FedRAMP Assessment, Now What?” if you’d like to watch it or share it with colleagues to help others better understand FedRAMP compliance. I hope you’ll join us for our next FedRAMP webinar.