January 4 | 2022
FedRAMP has updated the Readiness Assessment Report (RAR) Guide and templates (linked below) in order to provide enhanced guidance for Third Party Assessment Organizations (3PAOs).
The updates to both of the RAR templates and the guide aim to:
The intent of the RAR is for a 3PAO to document a Cloud Service Offering’s (CSO) management, technical, and operational capabilities and attest a CSO’s readiness for the FedRAMP authorization process. By completing a RAR, a Cloud Service Provider (CSP) is able to understand if their CSO has the key capabilities to obtain a FedRAMP authorization. While the CSP should review the RAR for accuracy, the 3PAO has ownership of the RAR and is fully responsible for its content.
The Federal Risk and Authorization Management Program (FedRAMP®) is managed by the FedRAMP Program Management Office.
The FedRAMP name and the FedRAMP logo are the property of the General Services Administration (GSA) and may not be used without GSA’s express, written permission. For more information, please see the FedRAMP Brand Guide.
Please reach out to FedRAMP with any questions.