Browse Definitions :
Definition

FedRAMP 3PAO (third-party assessment organization)

A 3PAO is an organization that has been certified to help cloud service providers and government agencies meet FedRAMP compliance regulations. 3PAO stands for Third Party Assessment Organization.

A 3PAO evaluates a cloud provider's systems to ensure transparency between government and cloud providers and consistency in data security strategies. Certified 3PAOs use FedRAMP templates when performing security assessments.

The U.S. General Services Administration (GSA) website lists the following requirements for qualification as a 3PAO:

  • Independence and quality management in accordance with ISO/IEC 17020: 1998 standards.
  • Information assurance competence that includes experience with FISMA and testing security controls.
  • Competence in the security assessment of cloud-based information systems.

See also: Federal Cloud Computing Initiative

This was last updated in May 2013

Continue Reading About FedRAMP 3PAO (third-party assessment organization)

SearchCompliance
  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

SearchSecurity
  • threat modeling

    Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and ...

  • social engineering

    Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into ...

  • distributed denial-of-service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a ...

SearchHealthIT
SearchDisasterRecovery
  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

SearchStorage
  • storage security

    Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted ...

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud data management

    Cloud data management is a way to manage data across cloud platforms, either with or instead of on-premises storage.

Close