ANNUAL ASSESSMENT / Monthly Scanning
  • Vulnerability scanning of the environment in support of the FedRAMP monthly scanning requirements
  • Includes an annual assessment of a 1/3 of the information system's security controls


      Estimated Duration: 2 Months

MBL's FEDRAMP ACCREDITATION SERVICES

  • Pre-Assessment of CSPs to ensure preparedness for the FedRAMP ATO process
  • Comprehensive FedRAMP Assessment for CSPs seeking either Agency ATOs or Provisional Joint Authorization Board (JAB) ATOs
  • Training, outreach, and education on FedRAMP and secure cloud computing 

WHY MBL?

  • Industry Leading Expertise
  • Competitive Pricing
  • Flexible Staff
  • Ability to Tailor Assessment Schedule
  • Quick Response to Quote Requests

FedRAMP

EXPERTISE

  • SaaS, PaaS, IaaS
  • ATO Standard Operating Procedures
  • Training and Lessons Learned
  • Continuous Monitoring
  • Healthcare and HR industry CSPs

MBL HAS THE CAPABILITIES AND STAFF TO ADDRESS YOUR NEEDS

  • ​​Provide expertise in FedRAMP Agency ATO standard operating procedures
  • Offer training and lessons learned to Federal agencies and CSPs
  • Understand the Federal perspective behind granting the CSP an ATO

Please see below for a representation of our typical packages and services. Each package is not restrictive and is tailored to our customer's needs.

      FULL ASSESSMENT
  • Support of a Project Manager, an Assessment Lead, and a team of assessors and technical security testers
  • Review of all system documentation to ensure all NIST 800-53 and organizational security controls are in place
  • Interviews with necessary organizational staff to confirm policy/control implementation and gather applicable evidence
  • Vulnerability and penetration testing of the environment
  • ​Submission of assessment package will be submitted to either the sponsoring federal agency or the Joint Authorization Board (JAB)

​      Estimated Duration: 4 Months

      READINESS ASSESSMENT
  • Active engagement of a Project Manager / Assessment Lead
  • Security Assessor to review system documentation
  • Creation of a FedRAMP Readiness Report


      Estimated Duration: 2-3 Weeks


MBL is A FEDRAMP 3pao

      CONTINUOUS MONITORING

      For clients that have already received

      a Security Assessment Report

  • Active engagement of a Project Manager, an Assessment Lead, and a Security Assessor
  • Mitigations of assessment findings by working with system owners to update any policy or procedures that are non-compliant
  • Coordination with network administrators to recommend remediation processes for technical vulnerabilities
  • Option: MBL is able to provide a cost per year


      Estimated Duration: Ongoing