Industry Veterans Successfully Launch FedRAMP & StateRAMP 3PAO Practice
Ashburn, VA – (July 28, 2021) – Fortreum, LLC announced today that it has achieved the Third Party Assessment Organization (3PAO) accreditation status for providing FedRAMP (Federal Risk and Authorization Management Program) services.
FedRAMP is a US government-wide cloud authorization program that provides a standardized approach to security assessment, authorization, and continuous monitoring. Under the FedRAMP accreditation model, 3PAOs are required to be accredited by the American Association for Laboratory Accreditation (A2LA) in order to be recognized by the FedRAMP Project Management Office (PMO).
To achieve the 3PAO status, Fortreum underwent an assessment conducted by A2LA, the FedRAMP 3PAO accreditation body, to verify the company’s competence according to FedRAMP requirements and compliance with the ISO/IEC 17020:2012 international standard. Obtaining the FedRAMP 3PAO accreditation means Fortreum will be able to independently validate the cloud security architecture and overall organizational maturity required for Cloud Service Providers (CSP’s) looking to obtain a FedRAMP authorization. Additionally, StateRAMP – a consortium of State and Local Governments, 3PAOs, and service providers – has approved Fortreum as a StateRAMP assessor, which utilizes FedRAMP approved 3PAOs who register to help their mission to standardize third-party verifification for government organizations.
Fortreum’s leadership team draws from supporting both Public and Private Sector – Fortune 500 customers for 30+ years. The leadership team – James Leach and Michael Carter – were original FedRAMP Third Party Assessment Organization (3PAO) personnel who have participated with the FedRAMP PMO and numerous cloud service providers in their efforts towards achieving Authority to Operate (ATO) since the program’s inception.
“Having been in the FedRAMP program since it started, we look forward to leveraging our expertise in cloud and FedRAMP as a whole to assist our customers with obtaining a FedRAMP ATO, which can seem quite daunting at the onset said Michael Carter, Managing Principal, Fortreum, LLC. “FedRAMP is continuing to grow its base of authorized products and we are excited to be a part of the puzzle to add even more specialized cloud service offerings to the US Government marketplace.”
Cloud service providers can begin working with Fortreum to achieve a simplified plan and roadmap towards meeting these requirements to enable US Government business by leveraging resources such as:
Industry Roadmap for US Public Sector
We’ve distilled our experience into a simplified roadmap for Public Sector requirements so clients can develop a plan to meet those milestones. It helps CSPs understand their responsibilities, how FedRAMP/StateRAMP impacts their technology/business processes, and how to plan for the process of preparing, being assessed, and maintaining their authorization under the continuous monitoring program.
FedRAMP RAR, Advisory, and Assessment Services
Engage with a team that understands the FedRAMP process and can help cloud technology companies develop a plan toward authorization- from preparing their environment, conducting a Readiness Assessment or the full FedRAMP assessment.
Authorized FedRAMP Services Search
Looking for a FedRAMP approved service by function? Search the FedRAMP Marketplace by functional service and capability.
About Fortreum
Fortreum provides cybersecurity and cloud support services focusing on regulatory and technical testing that enables System Integrators, Federal Agencies, Cloud Service Providers (CSPs), and 3rd Party Contractors a streamlined way to conduct business in their targeted industries. All organizations are faced with regulatory requirements to pursue business with the US Public Sector such as the Federal Risk and Authorization Management Program (FedRAMP), the Department of Defense Cloud Security Requirements Guide (DoD SRG), NIST SP 800-171 and the Federal Information Security Management Act (FISMA) to name a few. We take the cybersecurity and cloud complexity challenges and aim to simplify the implementation and execution of applicable requirements to the technologies to enable business for clients.