Definition

FedRAMP 3PAO (third-party assessment organization)

Part of the Cloud computing glossary:

A 3PAO is an organization that has been certified to help cloud service providers and government agencies meet FedRAMP compliance regulations. 3PAO stands for Third Party Assessment Organization.

A 3PAO evaluates a cloud provider's systems to ensure transparency between government and cloud providers and consistency in data security strategies. Certified 3PAOs use FedRAMP templates when performing security assessments.

The U.S. General Services Administration (GSA) website lists the following requirements for qualification as a 3PAO:

  • Independence and quality management in accordance with ISO/IEC 17020: 1998 standards.
  • Information assurance competence that includes experience with FISMA and testing security controls.
  • Competence in the security assessment of cloud-based information systems.

See also: Federal Cloud Computing Initiative

This was last updated in May 2013
Posted by: Margaret Rouse

Related Terms

Definitions

  • OpenStack

    - OpenStack is an open source infrastructure as a service (IaaS) initiative for creating and managing large groups of virtual private servers in a cloud computing environment. (WhatIs.com)

  • Cloud Controls Matrix

    - The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider. (SearchCloudSecurity.com)

  • Microsoft Azure Site Recovery

    - Microsoft Azure Site Recovery is a new service in Microsoft Azure primarily used for disaster recovery purposes. First announced at TechEd 2014, Microsoft says the tool, which uses Azure as a targe... (SearchWindowsServer.com)

Glossaries

  • Cloud computing

    - Terms related to cloud computing, including definitions about on-demand, distributed computing and words and phrases about software-as-a-service, infrastructure-as-a-service and storage-as-a-service.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About FedRAMP 3PAO (third-party assessment organization)Powered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.