Third Party Assessment Organizations

E1008922

assessment organization type compliance assessment body independent assessment organization

Third Party Assessment Organizations are independent firms accredited to evaluate and validate the security and compliance of cloud service providers for U.S. federal government use.

Try in SPARQL Jump to: Statements Referenced by

Statements (49)

Predicate	Object
instanceOf	assessment organization type ⓘ compliance assessment body ⓘ independent assessment organization ⓘ
accreditationBody	American Association for Laboratory Accreditation NERFINISHED ⓘ FedRAMP Program Management Office NERFINISHED ⓘ
accreditationStandard	FedRAMP 3PAO requirements ⓘ ISO/IEC 17020 NERFINISHED ⓘ
alsoKnownAs	3PAOs NERFINISHED ⓘ
assessmentBasis	FedRAMP security baselines NERFINISHED ⓘ NIST SP 800-53 security controls NERFINISHED ⓘ
assessmentScope	cloud system boundary ⓘ implemented management controls ⓘ implemented operational controls ⓘ implemented technical controls ⓘ
contributesTo	standardized security assessments across agencies ⓘ trust in federal cloud services ⓘ
evaluates	cloud service providers ⓘ
evaluatesFor	regulatory compliance ⓘ security posture ⓘ
geographicFocus	United States NERFINISHED ⓘ
isAccredited	true ⓘ
mustBe	free from conflicts of interest ⓘ organizationally independent from cloud service provider ⓘ
mustMaintain	appropriate professional liability insurance ⓘ documented quality management system ⓘ qualified assessment staff ⓘ
operatesInContextOf	U.S. federal government cloud services ⓘ
performs	documentation review ⓘ independent security assessment ⓘ penetration testing ⓘ testing of implemented controls ⓘ vulnerability scanning ⓘ
primaryRole	independent assessment of cloud service providers ⓘ validation of compliance requirements ⓘ validation of security controls ⓘ
produces	Security Assessment Plan ⓘ Security Assessment Report ⓘ test procedures and evidence ⓘ
recognizedBy	Joint Authorization Board NERFINISHED ⓘ
recognizedByAbbreviation	JAB NERFINISHED ⓘ
sector	government cloud security ⓘ
servesStakeholder	FedRAMP Program Management Office NERFINISHED ⓘ cloud service providers ⓘ federal agencies ⓘ
supportsProcess	FedRAMP authorization ⓘ FedRAMP security assessment ⓘ continuous monitoring assessments ⓘ
usedInProgram	Federal Risk and Authorization Management Program NERFINISHED ⓘ
usedInProgramAbbreviation	FedRAMP NERFINISHED ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Federal Risk and Authorization Management Program → uses → Third Party Assessment Organizations ⓘ