This week, FedRAMP published one Q&A for Federal Agencies and one Tip for Cloud Service Providers(CSPs):
Federal Agencies
Q: What does FedRAMP Ready status mean? Is it a requirement for CSPs who would like to pursue an Agency authorization?
A: FedRAMP Ready is a designation intended to demonstrate a CSP’s ability to complete the full FedRAMP Authorization process. It is a mandatory step in pursuing a JAB Provisional Authorization to Operate (P-ATO) and is optional for those pursuing an Agency-based FedRAMP Authorization. Although it is optional for Agencies, some Agencies may prefer to work with CSPs that are “FedRAMP Ready” since it offers key insight into their capabilities and ability to achieve an authorization.
The FedRAMP Authorization process is rigorous and intensive. It involves a lot of hard work and effort, so it makes sense that a CSP would want some assurance that their cloud offering is likely to attain authorization. This is why reaching “FedRAMP Ready” is an important first step in the FedRAMP process.
Cloud Service Providers (CSPs)
TIP: Be consistent with your naming conventions. Always call the same thing by the same name throughout your written work.
EXAMPLE: “The Emergency Response Team shall resolve all problems within four hours of receiving a report. Once a problem is fixed, the response team lead documents the solution and sends the requesting team the correction report.” This sentence calls “The Emergency Response Team” by another name, “response team.” These are probably the same, but the different names and differing capitalization can be confusing. Additionally, what the Emergency Response Team does is referred to with three different verbs: resolve, fix, and correct. Stick to one name and try to stick to one verb that accurately describes the action.
Read more about this week’s FedRAMP’s Tip and cues here