Cloud Service Providers (CSPs) interested in providing their services to federal agencies must comply with the government mandate and security requirements provided by the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP is the assessment process that CSPs must go through to ensure their cloud environment meets the appropriate standards. Only a Third-Party Assessment Organization (3PAO) can provide this assessment. CSPs must pass the assessment to receive a Provisional Authorization to Operate (ATO), a mandatory requirement for all vendors who seek to provide cloud services for federal customers.

Dakota is an accredited 3PAO. Our Cybersecurity team evaluates CSPs using more than 300 security controls in accordance with the cloud service offering (CSO) categorization. Thousands of pages of documentation and a rigorous assessment make up the challenging path to a cloud service authorization. Our evaluation process includes:

  • Readiness Assessment Report
  • Security Assessment Plan
  • Security Assessment Report
  • Vulnerability Scanning
  • Penetration Testing
  • FedRAMP Test Cases
  • FedRAMP Tailored Low Impact (LI) for SaaS