Readiness Assessment Report (RAR) Templates and Guide Updates for 3PAOs
FedRAMP has updated the Readiness Assessment Report (RAR) Guide and templates (linked below) in order to provide enhanced guidance for Third Party Assessment Organizations (3PAOs).
- FedRAMP High Readiness Assessment Report Template
- FedRAMP Moderate Readiness Assessment Report Template
- FedRAMP 3PAO Readiness Assessment Report Guide
The updates to both of the RAR templates and the guide aim to:
- Streamline template sections/tables to simplify and reduce duplication and complexity
- Clarify requirements and instructions based on feedback from 3PAOs and CSPs
- Align the RAR with current FedRAMP guidance and requirements
The intent of the RAR is for a 3PAO to document a Cloud Service Offering’s (CSO) management, technical, and operational capabilities and attest a CSO’s readiness for the FedRAMP authorization process. By completing a RAR, a Cloud Service Provider (CSP) is able to understand if their CSO has the key capabilities to obtain a FedRAMP authorization. While the CSP should review the RAR for accuracy, the 3PAO has ownership of the RAR and is fully responsible for its content.