WHAT IS FEDRAMP?

The Office of Management and Budget (OMB) implemented a government-wide Cloud First Policy that requires each agency to identify all services capable of moving to the cloud and create an aggressive timeline to do so. All cloud services in use must meet federal cloud computing requirements. The Federal Risk and Authorization Management Program (FedRAMP) created a structure to evaluate a private sector Cloud Service Provider (CSP) against federal information security requirements. CSPs, in turn, need to acquire the services of a Third Party Assessment Organization (3PAO) to navigate the FedRAMP process and ensure that the CSP is granted an authority to operate (ATO) in a cost-effective and timely manner.


MBL is A FEDRAMP 3pao

WHY MBL?

Of the currently accredited 3PAOs, MBL’s notable experience includes: 

  • We were significant contributors to the attainment of the first FedRAMP Agency ATO granted to a CSP;
  • We supported the development of Agency-wide standard operating procedures for reviewing and evaluating CSPs, analyzing existing security documentation, providing mitigation recommendations, and continuous monitoring strategies;
  • We assisted the government in reviewing CSPs and served as the Subject Matter Experts (SME)s between the Department of Health and Human Services (HHS) and the assessing organization.

MBL HAS THE CAPABILITIES AND STAFF TO ADDRESS YOUR NEEDS

  • ​​Provide expertise in FedRAMP Agency ATO standard operating procedures
  • Offer training and lessons learned to Federal agencies and CSPs
  • Understand the Federal perspective behind granting the CSP an ATO

MBL's FEDRAMP ACCREDITATION SERVICES

  • Pre-Assessment of CSPs to ensure preparedness for the FedRAMP ATO process
  • Comprehensive FedRAMP Assessment for CSPs seeking either Agency ATOs or Provisional Joint Authorization Board (JAB) ATOs
  • Training, outreach, and education on FedRAMP and secure cloud computing 

FedRAMP