The Schellman Blog

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that standardizes the security assessment and authorization process for cloud products and services used by federal agencies. Part of this process requires cloud service providers (CSPs) to complete a FedRAMP Readiness Assessment Report (RAR), which is used to determine whether they are prepared to undergo full FedRAMP authorization.

When it comes to IKEA, we’d all probably agree that the Swedes make some great flat pack furniture that can either upgrade your space or just do in a pinch.

Authorization from FedRAMP allows Cloud Service Providers (CSPs) the lucrative prospect of providing services to the federal government community.

The Belgian writer and painter Erik Pevernagie once said that “without a clear-cut vision and a proper reading of the roadmap we may not reach the buoyant shores of the horizon.”

If you’re a cloud service provider, you’re required to make it through the Federal Risk and Authorization Management Program (FedRAMP) in order to receive Authority to Operate (ATO) in the federal marketplace which allows you to provide your services and products for use by the federal government. There are two different avenues you can take to achieve ATO—through the Joint Authorization Board (JAB) or through an agency.

What It Means for the Present & the Future

Schellman becomes the first compliance services firm authorized by the CMMC AB and the 5th C3PAO Overall October 19, 2021 (Tampa, FL) – Schellman is pleased to announce that we are now an authorized Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Overseen by the Department of Defense (DoD) alongside the CMMC Accreditation Body (CMMC AB), the CMMC program is designed to enforce consistent cybersecurity practices across the hundreds of thousands of defense contractors that participate in and make up the Defense Industrial Base (DIB). A group that now includes Schellman, C3PAOs are the independent assessment organizations that work alongside advisory and training providers to improve cybersecurity practices and protect the sensitive information maintained by the DIB participants.

As a Third Party Assessment Organization (3PAO), Schellman has been performing FedRAMP security assessments for Cloud Service Providers (CSPs) since 2014. During this time, we have seen our CSP clients pioneer technologies that provide federal agencies an opportunity to leverage new and innovative cloud services, all while modernizing their approach to building, deploying, and managing applications through containerization. Though this gradual shift to containerizing system components has increased CSPs’ operational efficiency and scale, it has also introduced new security risks to FedRAMP systems.