Definition

FedRAMP 3PAO (third-party assessment organization)

TechTarget Contributor

By

TechTarget Contributor

A 3PAO is an organization that has been certified to help cloud service providers and government agencies meet FedRAMP compliance regulations. 3PAO stands for Third Party Assessment Organization.

A 3PAO evaluates a cloud provider's systems to ensure transparency between government and cloud providers and consistency in data security strategies. Certified 3PAOs use FedRAMP templates when performing security assessments.

The U.S. General Services Administration (GSA) website lists the following requirements for qualification as a 3PAO:

Independence and quality management in accordance with ISO/IEC 17020: 1998 standards.
Information assurance competence that includes experience with FISMA and testing security controls.
Competence in the security assessment of cloud-based information systems.

See also: Federal Cloud Computing Initiative

This was last updated in May 2013

Continue Reading About FedRAMP 3PAO (third-party assessment organization)

Becoming a 3PAO

3PAO requirements

Networking

Network as a Service (NaaS)
Network as a service, or NaaS, is a business model for delivering enterprise WAN services virtually on a subscription basis.
network configuration management (NCM)
Network configuration management is the process of organizing and maintaining information about all of the components in a ...
presentation layer
The presentation layer resides at Layer 6 of the Open Systems Interconnection (OSI) communications model and ensures that ...

Security

backdoor (computing)
A backdoor attack is a means to access a computer system or encrypted data that bypasses the system's customary security ...
Heartbleed
Heartbleed was a vulnerability in some implementations of OpenSSL, an open source cryptographic library.
What is risk management and why is it important?
Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

CIO

Agile project management (APM)
Agile project management (APM) is an iterative approach to planning and guiding project processes.
decentralized autonomous organization (DAO)
A decentralized autonomous organization (DAO) is a management structure that uses blockchain technology to automate some aspects ...
Semantic Web
The Semantic Web is a vision for linking data across webpages, applications and files.

HRSoftware

team collaboration
Team collaboration is a communication and project management approach that emphasizes teamwork, innovative thinking and equal ...
employee self-service (ESS)
Employee self-service (ESS) is a widely used human resources technology that enables employees to perform many job-related ...
learning experience platform (LXP)
A learning experience platform (LXP) is an AI-driven peer learning experience platform delivered using software as a service (...

Customer Experience

headless commerce (headless e-commerce)
Headless commerce, also called headless e-commerce, is a platform architecture that decouples the front end of an e-commerce ...
chief customer officer (CCO)
A chief customer officer, or customer experience officer, is responsible for customer research, communicating with company ...
relationship marketing
Relationship marketing is a facet of customer relationship management (CRM) that focuses on customer loyalty and long-term ...

Close