Add Dictionary Terms


Project 4191 – Task 262569

Instructions: Add the term "third party assessment organization" to the dictionary.

Task Description: Add the term "third party assessment organization" to the dictionary.

From Citation: Section 5.3.1 ¶ 5 – All CSP CSOs are required to have FedRAMP annual assessments performed by a 3PAO for the maintenance of their FedRAMP PA. DoD also requires annual assessments performed by a 3PAO or approved DoD SCA organization for the maintenance of their Level 4 and above DoD PA. It is expected that CSOs in both the FedRAMP and DoD catalogs will have a single annual assessment to cover this requirement for both FedRAMP and DoD. CSOs in the FedRAMP catalog will follow the process described in the FedRAMP Continuous Monitoring Strategy Guide. DoD annual assessments will minimally include the set of controls listed in Appendix A of that document, as well as any other controls specified by the DISA AO. CSOs with a DoD PA that are not in the FedRAMP catalog will follow the DoD RMF process for continuous monitoring and associated assessments.

Term: third party assessment organization

Definition:

- Accredited by the American Association for Laboratory Accreditation (A2LA), with final approval by the FedRAMP PMO
- Contracted by the CSP
- Independently performs security assessments of a CSP cloud offering and creates security assessment package artifacts in accordance with FedRAMP requirements
- May perform continuous monitoring of CSP systems
- May independently assess a CSP's compliance with DoD FedRAMP+ security controls and other requirements

Definition Type: Role Definition
