Readiness Assessment Report (RAR) Templates and Guide Updates for 3PAOs
January 4 | 2022
FedRAMP has updated the Readiness Assessment Report (RAR) Guide and templates (linked below) in order to provide enhanced guidance for Third Party Assessment Organizations (3PAOs).
- FedRAMP High Readiness Assessment Report Template
- FedRAMP Moderate Readiness Assessment Report Template
- FedRAMP 3PAO Readiness Assessment Report Guide
The updates to both of the RAR templates and the guide aim to:
- Streamline template sections/tables to simplify and reduce duplication and complexity
- Clarify requirements and instructions based on feedback from 3PAOs and CSPs
- Align the RAR with current FedRAMP guidance and requirements
The intent of the RAR is for a 3PAO to document a Cloud Service Offering’s (CSO) management, technical, and operational capabilities and attest a CSO’s readiness for the FedRAMP authorization process. By completing a RAR, a Cloud Service Provider (CSP) is able to understand if their CSO has the key capabilities to obtain a FedRAMP authorization. While the CSP should review the RAR for accuracy, the 3PAO has ownership of the RAR and is fully responsible for its content.