Compliance and Security Audits: FedRAMP Security Controls Assessment

The federal marketplace provides extraordinary opportunities for Cloud Service Providers (CSPs) with FedRAMP Ready or FedRAMP Authorized cloud services. Becoming FedRAMP Ready requires an assessment and the completion of the FedRAMP Readiness Assessment Report (RAR).

The journey to FedRAMP compliance is simple when partnering with America’s Security Corporation. Our cybersecurity professionals are knowledgeable about NIST standards and FedRAMP requirements, and will use our CertifierPro™ Cloud Product, with built-in FedRAMP requirements and templates, to ensure CSPs obtain Authorization in an optimal amount of time and at an optimal monetary cost. We offer the following:

  • Consulting – We will counsel on system architecture and documentation of the environment and security control implementations. We will develop System Security Plan (SSP), Policies and Procedures, Rules of Behavior, Incident Response Plan, IS Contingency Plan and other necessary system documentation to satisfy security controls.
  • Security Controls Assessment – ASC will assess security controls and develop the required FedRAMP documentation, including a Security Assessment Plan (SAP) and a Security Requirements Traceability Matrix (SRTM), and will document assessment results in a Security Assessment Report (SAR).
  • Continuous Monitoring – We will help with any monthly, quarterly, or annual continuous monitoring needs to maintain a CSP's Authority to Operate. We will assist CSPs with the major milestone activities required to complete their annual assessments, which include the following:
    • Controls and enhancements that have CSP-defined and/or FedRAMP-defined operational frequency
    • Controls and enhancements with an assessment frequency of less than 3 years, including those at varied timeframes (e.g. hourly, daily, monthly, quarterly) and those assessed continuously
    • Controls FedRAMP has determined are critical to protecting the information system
    • Controls FedRAMP has determined are necessary to ensure continued operation and implementation of the control as intended, based on the NIST definition of volatility
    • Review and update, as required, the System Security Plan (SSP) and attachments
    • Conduct an Incident Response Plan test and provide the Incident Response Plan Test Report
    • Conduct a Contingency Plan functional test and include the Contingency Plan Test Report
    • Complete the Annual Assessment Security Assessment Plan (SAP)
    • Conduct testing
    • Complete the Annual Assessment Security Assessment Report (SAR)
    • Complete the Plan of Action and Milestones (POA&M)
    • Submit the complete Annual Assessment package, including the SAR and attachments, updated SSP and attachments, updated SAP, and POA&M, to the FedRAMP PMO or Agency AO