

FedRAMP, the Federal Risk and Authorization Management Program, mandates the use of Third Party Assessment Organizations to confirm the security standards of cloud service providers. FedRAMP requires that 3PAOs be accredited by A2LA, the American Association for Laboratory Accreditation. 3PAOs are evaluated for a period of one year during which they are monitored and tested.

3PAOs prepare a Readiness Assessment Report (RAR), which is submitted to a FedRAMP repository. Once approved, 3PAOs such as Coalfire can refer to themselves as an "Accredited FedRAMP Third Party Assessment Organization" and use the FedRAMP brand.

Be sure that your CSPs have been evaluated by a 3PAO approved by FedRAMP.

