One of the questions that we get the most often when we're talking about Federal assessments is how long does it take to get through the assessment process and what happens afterward to actually get to FedRAMP authorization?
So you're here because you need a federal assessment or you want to pursue a federal assessment and you're not sure where to start. There are a myriad of options. So today we're going to discuss what those options are to hopefully better define your roadmap and determine what makes sense for you and your organization. Hi, I'm Marci Womack. I'm a federal services practice leader here at Schellman. We've been doing federal assessments, going on 10 years and do hundreds of these annually. We often talk to organizations who are either in the federal space or want to pursue opportunities in the federal space. And there are many assessment and compliance opportunities that they don't know which one makes sense for their organization. Our goal today is to outline what some of those frameworks are and what the options you have depending on the services that you provide to your customers or the types of data that you're handling on behalf of your customers. So the few different options of federal services or federal assessments that are available to you, one of the hot topics is:
Many organizations want to understand how they can pursue a CMMC certification. They're really interested in the standard or they know it's very important to their line of business. And today we're going to talk about the ways that CMMC certification can happen right now. And what we expect in the future.
You're a cloud service provider and you want to do work for the federal government. In order to do that though, you need to be FedRAMP authorized and you've been told by the government agency that you're trying to sell to that, you need to be FedRAMP authorized. In this short video, we're going to walk you through what the process is, what the journey is to get to the point where you have that authorization, you've been approved, and you can go and sell work to your federal agency customers.
So you want to provide cloud services to the federal government? There's a process that you need to go through in order to get there, and that requires an authorization and an assessment, but it also requires an agency sponsor. Let's talk about what that actually means. I'm Doug Barbin, managing principal, and chief growth officer at Schellman. We've also had the privilege at Schellman of being one of the first third-party assessment organizations, or 3PAO, since the FedRAMP program's inception 10 years ago. What does this agency sponsorship mean? Fedramp is one of the unique types of third-party assessments that require interactions by the second party. In most cases, if you look at a SOC 2 report or an ISO 27001 certification, you can come to a body or a provider like Schellman, we can perform an assessment, we can issue you a report that you can share with your customers. In the case of FedRAMP, that's not enough. To get into the FedRAMP process, you have to have a sponsor, you have to have a means of entry into the federal government. Typically what that means is you have a government agency - could be a division of the Department of Defense as well, but you have a group within the government that is going to sponsor your entryway into FedRAMP. They want to do business with you, and so they're willing to be your sponsor in that FedRAMP process. Now, that is a requirement, unfortunately, and that can be a barrier for some companies that are looking to get into the market but don't have an existing relationship or an initial relationship that can be that sponsor. So what do you do to address that? There are a few avenues such as going through a FedRAMP ready assessment. There are other outreach programs. You can reach out to the FedRAMP PMO who can give you guidance on how to get there. But it is important to know: going into FedRAMP, it's not enough just to hire an assessment firm. As a matter of fact, you can't hire us to do the assessment unless you have someone, an agency or the joint authorization board that's willing to sponsor you through the process. Getting an agency sponsor is a critical first step in your FedRAMP path. Contact us today so that we can walk you through what the broader picture is from a journey on FedRAMP, from getting that agency sponsor to going through the assessment and ultimately getting your authorization.