FedRAMP last week unveiled an online training course to help users understand the new review and approve process. The training is available on the agency’s training page.
The new training is intended to help FedRAMP cloud service providers (CSPs) and others understand the lengthy and complex process to receive FedRAMP compliance.
According to FedRAMP, those who take the review and approve training will learn:
- The roles and responsibilities of CSPs, the FedRAMP PMO, and authorizing officials;
- The designations given to authorization packages throughout the review and approve process;
- How the FedRAMP PMO conducts initial and detailed reviews of an authorization package;
- The actions an applicant must take to properly prepare and apply for a FedRAMP authorization; and,
- The criteria used to approve an authorization package.
FedRAMP introduced Review and Approve in August, and it represented a major overhaul by the FedRAMP Program Management Office (PMO), which hopes to standardize the cloud program’s complicated certification process.
The change was necessary because of the growing number of applications for review and the quality of applications. The PMO hopes clearer rules and improved guidance result in better documentation from CSPs and agencies.
“In the past, multiple review cycles were needed before a package could be listed as FedRAMP compliant. By designing and implementing this new process, the review and approval of packages will be more efficient, structured, and scalable,” John Hamilton, FedRAMP Program Manager for Operations, told FedRAMP411 last month.
The new training course is not mandatory, but the FedRAMP PMO recommends all CSPs take the course before submitting an application or writing a system security plan (SSP).
All FedRAMP courses can be found on its training page.