What is FedRAMP 3PAO (third-party assessment organization)? - Definition from WhatIs.com


FedRAMP 3PAO (third-party assessment organization)

Part of the Cloud computing glossary:

A 3PAO is an organization that has been certified to help cloud service providers and government agencies meet FedRAMP compliance regulations. 3PAO stands for Third Party Assessment Organization.

A 3PAO evaluates a cloud provider's systems to ensure transparency between government and cloud providers and consistency in data security strategies. Certified 3PAOs use FedRAMP templates when performing security assessments.

The U.S. General Services Administration (GSA) website lists the following requirements for qualification as a 3PAO:

  • Independence and quality management in accordance with ISO/IEC 17020: 1998 standards.
  • Information assurance competence that includes experience with FISMA and testing security controls.
  • Competence in the security assessment of cloud-based information systems.

See also: Federal Cloud Computing Initiative

This was last updated in May 2013
Posted by: Margaret Rouse

Related Terms


  • Amazon Simple Storage Service (Amazon S3)

    - Amazon Simple Storage Service (Amazon S3) is an object storage service from Amazon Web Services that enables developers to back up and archive data. (searchAWS.com)

  • Lustre

    - Lustre is an open source parallel distributed file system (DFS) specialized for large-scale cluster computing. The name is a portmanteau of Linux and cluster. (searchConvergedIT.com)

  • Microsoft Office 365 suite

    - Microsoft Office 365 suite is a hosted, online version of Microsoft Office software. IT administrators access it from a web-based portal to set up new user accounts, control access to features and ... (SearchMobileComputing.com)


  • Cloud computing

    - Terms related to cloud computing, including definitions about on-demand, distributed computing and words and phrases about software-as-a-service, infrastructure-as-a-service and storage-as-a-service.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About FedRAMP 3PAO (third-party assessment organization)Powered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.