Blog

Readiness Assessment Report (RAR) Templates and Guide Updates for 3PAOs

January 4 | 2022

FedRAMP has updated the Readiness Assessment Report (RAR) Guide and templates (linked below) in order to provide enhanced guidance for Third Party Assessment Organizations (3PAOs).

• FedRAMP High Readiness Assessment Report Template
• FedRAMP Moderate Readiness Assessment Report Template
• FedRAMP 3PAO Readiness Assessment Report Guide

The updates to both of the RAR templates and the guide aim to:

• Streamline template sections/tables to simplify and reduce duplication and complexity
• Clarify requirements and instructions based on feedback from 3PAOs and CSPs
• Align the RAR with current FedRAMP guidance and requirements

The intent of the RAR is for a 3PAO to document a Cloud Service Offering’s (CSO) management, technical, and operational capabilities and attest a CSO’s readiness for the FedRAMP authorization process. By completing a RAR, a Cloud Service Provider (CSP) is able to understand if their CSO has the key capabilities to obtain a FedRAMP authorization. While the CSP should review the RAR for accuracy, the 3PAO has ownership of the RAR and is fully responsible for its content.

Recent Posts

• The Missing Piece of Our Modernization Puzzle: The FedRAMP Platform
• Digital Authorization Package Pilot Launch
• Welcoming a New Leader for a New FedRAMP
• Moving to One FedRAMP Authorization: An Update on the JAB Transition
• Strengthening the Use of Cryptography to Secure Federal Cloud Systems

The Federal Risk and Authorization Management Program (FedRAMP®) is managed by the FedRAMP Program Management Office.

The FedRAMP name and the FedRAMP logo are the property of the General Services Administration (GSA) and may not be used without GSA’s express, written permission. For more information, please see the FedRAMP Brand Guide.

Connect With Us

Please reach out to FedRAMP with any questions.