Monday, May 14, 2012

FedRAMP PMO Releases First Set of 3PAOs

Late today the FedRAMP Program Management Office released the first list of certified Third Party Assessment Organizations (3PAOs). These companies are accredited to perform initial and periodic assessment of cloud service provider (CSP) systems per FedRAMP requirements, provide evidence of compliance, and play an on-going role in ensuring CSPs meet requirements.  FedRAMP provisional authorizations must include an assessment by an accredited 3PAO to ensure a consistent assessment process. he initial set of 3PAOs announced today are (see

Organization POC Name POC Email
COACT, Inc. Brian Pleffner
Department of Transportation (DOT) Enterprise Service Center (ESC) Douglas Holland
Dynamics Research Corporation (DRC) Preston Gale
J.D. Biggs and Associates, Inc. James Biggs
Knowledge Consulting Group, Inc. Sherrie Nutzman
Logyx LLC Robert Dumais
Lunarline, Inc. Waylon Krush
SRA International, Inc. William Bell
Veris Group, LLC Douglas Greise

In becoming a 3PAO, these companies successfully completed a NIST coordinated conformity assessment process. This conformity assessment process qualifies 3PAOs according to two requirements:
  • Independence and quality management in accordance with ISO standards
  • Technical competence through FISMA knowledge testing

Bookmark and Share
Cloud Musings on Forbes
( Thank you. If you enjoyed this article, get free updates by email or RSS - KLJ )
Post a Comment