Federal Risk and Authorization Management Program 3rd Party Assessment Organizations (3PAO)
FEDRAMP was developed to give the federal government a way to use cloud based service as securely as possible.  It applies to federal US agencies it provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Â
3pao – third party assessment organizations
Third Party assessors play an integral role in the FedRAMP process. Â Accredited independent assessors -Â Third Party Assessment Organizations (3PAOs)Â have demonstrated independence and technical competency required to test the security implementations and collect representative evidence. Â Whether accredited through FedRAMP or not, third party assessors:Â
- Create a Security Assessment Plan
- Perform initial and periodic assessments of CSP security controls
- Conduct security tests and produce a Security Assessment Report
