There are two clear paths through FedRAMP Authorization–the agency path and the much less-common Joint Authorization Board (JAB) path. While much more rigorous, this second course opens up several critical doors for cloud offerings that provide real and significant value to various federal agencies. However, the JAB path is exclusive and requires that cloud service providers be accepted into the FedRAMP Connect program.
This is no small feat and requires significant work on the part of the CSP to justify why their offering is uniquely impactful for the federal government marketplace.
FedRAMP JAB Authorization – A Limited Pool
As discussed in a previous article, JAB Authorization is a fairly privileged, if rigorous, path through FedRAMP. The challenging nature of the process is due in no small part to the criteria JAB includes as part of its Authorization path.
More commonly, agencies work directly with government agencies and 3PAOs as part of an RFI or RFP process in which that agency expresses direct interest in working with a cloud provider. However, those with JAB will work through a more hands-on and, in some cases, more challenging process that offers the Provisional Authorization to Operate (P-ATO).
The advantages here are numerous, and based on the fact that after a CSP attains P-ATO, agencies can trust the security and risk assessments of JAB and lean towards adopting the authorized solutions. While a provider or offering with P-ATO isn’t technically 100% authorized to work with an individual agency, they are well positioned to quickly work through agency authorization and provide an attractive option for these agencies who want a robust and ready solution.
Obviously, there are advantages for CSPs that obtain their P-ATO. Within the bro ..
Support the originator by clicking the read the rest link below.
