ControlCase is a global provider of IT Certification and Continuous Compliance services.
FedRAMP aims to ensure the confidentiality, integrity and availability of federal information. The ControlCase solution starts by helping you identify where the federal information is being stored, processed and transmitted by the system / service to be provided to federal clients. We then work with you to describe the applicable FedRAMP controls and evidence required to build the FedRAMP SSP.
As a 3PAO, ControlCase will independently verify and validate the control implementation and test results for your organization, using a four-phase approach. Each phase will have a specific set of tasks and deliverables required to guide you, through the FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (P-ATO) process.
1) What is FedRamp?
The Federal Risk and Authorization Management Program, known as FedRAMP, is one of the federal government’s most rigorous security compliance frameworks. FedRAMP uses the NIST SP 800-53 standard as a security baseline. NIST includes the data security guidance set by the National Institute of Standards (also responsible for maintaining and updating FISMA compliance.)
2) Why is FedRAMP Important
FedRAMP enables the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. Thereby, delivering a cost-effective and risk-based approach for government agencies to adopt and use of cloud services.
3) What are the FedRAMP Entities?
4) What is FedRAMP Marketplace?
The FedRAMP Marketplace is maintained by the FedRAMP Program Management Office (PMO). It serves as a database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation and Accredited Auditors (known as 3PAOs) that can perform the FedRAMP assessment.
ControlCase is a FedRAMP Third Party Assessment Organization (3PAO). The 3PAO status qualifies ControlCase to assist cloud providers in achieving FedRAMP compliance and verifies that ControlCase has the technical competence required by FedRAMP to assist cloud providers in achieving FedRAMP certification.
5) Who does FedRAMP Apply to?
FedRAMP applies to any cloud services that hold federal data must be FedRAMP Authorized.
FedRAMP prescribes the security requirements and processes cloud service providers must follow for the government to use their service.
6) How hard is it to get FedRAMP Certified?
There are two types of FedRAMP authorizations:
7) How to achieve FedRAMP Compliance & FedRAMP Certification