Rev5 Stakeholders

Federal Agencies

Partner with cloud service providers to achieve FedRAMP authorization
Use 3PAO assessments as the basis for making informed, risk-based authorization decisions for the use of cloud products and services
Provide ATOs to FedRAMP
Leverage the FedRAMP Marketplace to research cloud offerings that are FedRAMP Authorized or are In Process
Reuse security packages from existing FedRAMP Authorized cloud providers to inform an ATO decision
Integrate the FedRAMP requirements into agency specific policies and procedures and partner with FedRAMP to modernize

Offer agencies innovative products that help federal agencies save time and resources while meeting their critical mission needs
Work with agencies, 3PAOs, and FedRAMP to achieve FedRAMP Authorized status for their CSOs
Collaborate with FedRAMP in public on innovative approaches to securing cloud services
Provide feedback and public comment on FedRAMP guidance
Encourage agency customers to reuse security packages for FedRAMP Authorized CSOs to inform ATO decisions (aka “do once, use many”)

As independent third parties, perform initial and periodic assessments of cloud systems to ensure they meet FedRAMP requirements, which help inform agency authorization decisions
Must have a documented, fully operational, and adequately maintained quality management system (QMS) that meets the standards of ISO/IEC 17020 (as revised)
Must maintain their FedRAMP recognition by adhering to the A2LA’s, R311 - Specific Requirements: Federal Risk and Authorization Management Program (FedRAMP) policy (as revised)