3PAO
E1008665
3PAO stands for Third Party Assessment Organization, an independent firm accredited to assess and validate cloud service providers’ security controls under the U.S. federal FedRAMP program.
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
Third Party Assessment Organization
ⓘ
assessment organization ⓘ independent security assessor ⓘ |
| accreditedBy |
American Association for Laboratory Accreditation
NERFINISHED
ⓘ
FedRAMP Program Management Office NERFINISHED ⓘ |
| assesses |
FedRAMP security controls
ⓘ
cloud service providers ⓘ |
| characteristic |
independent of assessed cloud service provider
ⓘ
must meet FedRAMP accreditation requirements ⓘ subject to quality management requirements ⓘ |
| countryOfOperation |
United States of America
ⓘ
surface form:
United States
|
| domain |
cloud security
ⓘ
information security compliance ⓘ |
| followsStandard |
FedRAMP Security Assessment Framework
NERFINISHED
ⓘ
NIST SP 800-53 NERFINISHED ⓘ |
| fullForm | Third Party Assessment Organization NERFINISHED ⓘ |
| goal |
ensure consistent security assessments for FedRAMP
ⓘ
provide assurance on cloud security posture to U.S. federal agencies ⓘ |
| governingBody | FedRAMP Joint Authorization Board NERFINISHED ⓘ |
| language | English ⓘ |
| operatesUnderProgram | FedRAMP NERFINISHED ⓘ |
| outputUsedBy |
FedRAMP Joint Authorization Board
NERFINISHED
ⓘ
federal agency authorizing officials ⓘ |
| primaryRole |
assess cloud service providers’ security controls
ⓘ
perform independent security assessments ⓘ validate FedRAMP security requirements implementation ⓘ |
| provides |
Security Assessment Plan
ⓘ
Security Assessment Report ⓘ test procedures for security controls ⓘ |
| regulatoryContext | U.S. federal government cloud services ⓘ |
| relatedTo |
NIST Risk Management Framework
NERFINISHED
ⓘ
federal information security compliance ⓘ |
| requiredFor |
FedRAMP Agency Authorization to Operate
NERFINISHED
ⓘ
FedRAMP Provisional Authorization to Operate NERFINISHED ⓘ |
| requires |
independence and impartiality
ⓘ
knowledge of FedRAMP requirements ⓘ technical security expertise ⓘ |
| scope | cloud systems seeking FedRAMP authorization ⓘ |
| sector | public sector compliance services ⓘ |
| typeOfAssessment |
conformity assessment
ⓘ
third-party security assessment ⓘ |
| usedFor |
FedRAMP authorization process
ⓘ
FedRAMP security assessment ⓘ |
| worksWith |
FedRAMP Program Management Office
NERFINISHED
ⓘ
cloud service providers ⓘ federal agencies ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.