Before a Cloud Service Provider (CSP) can begin the Federal Risk and Authorization Management Program (FedRAMP) certification process, it must first implement FedRAMP compliant documentation and controls. ADHERE understands these requirements and how they pertain to each organization.
ADHERE assists companies with the completion of the FedRAMP documentation, identifying required controls and reducing the time it takes to achieve FedRAMP Authorization to Operate (ATO).
The model we employ in preparing your organization for FedRAMP, is the Three Phase FedRAMP paid engagement model.
Phase 1: Pre-Audit Assessment
Prior to beginning the FedRAMP certification process, companies should undergo a pre-audit assessment to identify potential non-conformities. NIST 800-53 and the CIS Worksheet are the basis for ADHERE’s Pre-audit assessment. This assessment will:
• Compare the company’s current environment to FedRAMP standards,
• Determine preparedness for the security assessments (i.e., Readiness Assessment Report and Security Assessment Report),
• Expose gaps that are harmful to the certification process, and
• Address known issues and provide guidance towards remediation.
Phase 2: Documentation
When ADHERE assists in building your company’s FedRAMP program and supporting documentation (even above and beyond federal templates where necessary), we will provide your company with all the completed templates and documentation. The most significant is the System Security Plan (SSP) and the CIS Worksheet. These deliverables will meet or exceed the FedRAMP standard and will shorten the timeframe required for the company to prepare for the assessment.
Phase 3: Support
ADHERE will help your organization complete the FedRAMP Plan of Action and Milestones (POA&M) supporting document. The POA&M is a key document utilized by FedRAMP for continuous monitoring and improvement, and describes the plans, milestones, and dates your organization should take to address any concerns or recommendations from the Security Assessment Report (SAR).
Through the process ADHERE provides guidance, support and honest feedback on your readiness state for the formal FedRAMP audit. ADHERE wants our customers to succeed with a favorable Readiness Assessment Report (RAR) and SAR when they go forward to a 3PAO auditor or the ATO.