FedRAMP 3PAO Assessment of Cloud Environments

Have your cloud service offering evaluated by a Federal 3PAO

This service performs a security control assessment of a cloud environment in accordance with the General Services Administration (GSA) Federal Risk and Authorization Management Program (FedRAMP) requirements. Cloud providers, sponsored by a federal agency, should have already been approved by the FedRAMP Program Management Office (PMO) to engage with a Third-Party Assessment Organization (3PAO) for their system's assessment.

The U.S. Department of Transportation's (DOT) Enterprise Services Center (ESC) is the only federal 3PAO under GSA's FedRAMP program.

Please consult GSA's FedRAMPS site https://www.fedramp.gov and associated FedRAMP Marketplace https://marketplace.fedramp.gov for additional guidance.

Eligibility

Federal civilian agencies are eligible to use these cybersecurity services from the DOT Enterprise Services Center (ESC). Department of Defense (DOD) organizations may be eligible for ESC cybersecurity services if their systems are unclassified.

Interested in this Fed-to-Fed service? Get a quote!

To get started, reach out to the ESC team. We will send you a simple questionnaire to fill out. Return the completed questionnaire to us and we will promptly develop a firm fixed-price quote, to include proposed schedules. If you just need a rough order of magnitude (ROM) estimate for budget planning purposes, just let us know.

Contact ESC at CyberServices@esc.gov to get more information and assistance.