The Federal Risk and Authorization Management Program (FedRAMP) accreditation is the world’s most demanding cybersecurity standard.
MBL is a FedRAMP Third-Party Assessor Organization (3PAO).
Since 2015, MBL has partnered with CSPs to engineer secure, compliant cloud solutions. We specialize in helping CSPs achieve and maintain FedRAMP compliance. Our expertise spans every cloud service model: Infrastructure-, Platform- and Software-as-a-Service (IaaS, PaaS and SaaS). We also support every phase of the FedRAMP process, from planning and preparation, to FedRAMP Ready and initial assessments, and through to continuous monitoring.
Some of our FedRAMP services include:
- Initial consultations and training to help you and your team understand the process and technical complexities of FedRAMP compliance
- Pre-assessment to ensure preparedness for the FedRAMP Provisional Authority to Operate (P-ATO) process
- Comprehensive FedRAMP assessment for CSPs seeking either JAB or agency ATOs
- Continuous monitoring to meet ongoing FedRAMP accreditation requirements
FedRAMP Compliance Approach
Since 2015, we have been building close partnerships with our FedRAMP clients to understand how they approach compliance within the context of their unique business requirements. We then develop enduring security programs, or produce quality assessment reports, that withstand strict government scrutiny while giving federal leaders confidence in the strength of their security posture.
Our approach begins with a painless, efficient scoping conversation. This is quickly followed by a streamlined quote, mapped to specific service packages, designed for easy evaluation. MBL’s pricing is competitive across the 3PAO community, both hourly and overall, to facilitate rapid award and project start.
After kickoff, MBL’s experienced cloud security engineers execute preparatory or assessment services tailored to your assessment timeline requirements. As leaders in the FedRAMP community, we have strong relationships with the JAB and across the Department of Defense (DoD) and civilian agencies. Backed by these relationships and our creative FedRAMP compliance team, we smooth roadblocks and clear the runway to compliance.
Please see below for a representation of our typical packages and services. The packages are not restrictive; each is tailored to our customers’ needs.
Led by a senior, experienced FedRAMP lead
Comprehensive review of security documentation
Limited technical testing as appropriate
Creation of a FedRAMP Readiness Report
Review of all system documentation to ensure security controls are in place
Interviews with staff to confirm control implementation and gather evidence
Vulnerability and penetration testing of the environment
Submission of assessment package to sponsoring federal agency or the Joint Authorization Board (JAB)
CONTINUOUS MONITORING
For clients that have already received a Security Assessment Report
Ongoing work with client team to mitigate previous findings
Quarterly scanning and annual penetration testing
Annual assessment of approx. 1/3 of security controls
Engineering, documentation and security consulting support to prepare you for FedRAMP
Services tailored to the technical sophistication of your current team
Services span from limited staff augmentation to fully outsourced FedRAMP management