GSA Announces Accreditation Body for FedRAMP Third Party Assessment Organizations
American Association for Laboratory Accreditation selected to strengthen the 3PAO review process
July 23, 2013
WASHINGTON -- Today, the U.S. General Services Administration (GSA) announced the selection of the American Association for Laboratory Accreditation (A2LA) as the Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) Accreditation Body. This long-planned privatization of the 3PAO review process will allow for more in-depth analysis of an applicant’s conformance to inspection and information security standards, making the process more rigorous.
FedRAMP is a standardized approach to cloud security assessments, authorization, and monitoring that will save the government money, time, and staff by eliminating redundant agency security assessments. Through FedRAMP’s leveraged security authorizations, federal agencies can also significantly reduce the time it takes to adopt new cloud IT capabilities. Third party assessors play a key role in the FedRAMP process as cloud service providers (CSPs) must use an accredited 3PAO to independently validate and verify that they meet the FedRAMP requirements.
“The selection of A2LA to handle the 3PAO reviews is a significant milestone as we grow FedRAMP in partnership with industry and government cloud stakeholders” said Dave McClure, Associate Administrator of GSA’s Office of Citizen Services and Innovative Technologies. “A2LA’s involvement, with continued government oversight, improves the resources and rigor of our review process, further strengthening FedRAMP.”
With the announcement of AT&T's Storage as a Service provisional authorization, FedRAMP now has eight compliant cloud services including five Joint Authorization Board provisional Authorities to Operate and three agency Authorities to Operate. FedRAMP also has accredited 22 third party assessors, with half of those being small businesses.
A2LA anticipates reopening the 3PAO application process later this year. The FedRAMP program management office will provide final accreditation approval for all 3PAOs using A2LA reviews. The government also retains the right to reinstitute a government review board without any interruption in accreditation for 3PAOs.
Agencies are able to review the full provisional authorization packages as well as the independent assessment conducted by a FedRAMP-accredited 3PAO for their own agency specific security authorizations through the FedRAMP secure repository. Agencies can request access via www.FedRAMP.gov.
The mission of GSA is to deliver the best value in real estate, acquisition, and technology services to government and the American people.
The American Association for Laboratory Accreditation (A2LA) is a nonprofit, non-governmental, public service, membership society. A2LA also offers programs for the accreditation of testing laboratories, calibration laboratories, inspection bodies, proficiency testing providers, medical testing laboratories, reference material producers and product certification bodies.