Loading...

FedRAMP

Get industry-leading FedRAMP services.

Expand cloud services into government markets while minimizing performance and operational risks with our industry-leading FedRAMP services.

Trust the most utilized FedRAMP third-party assessment organization (3PAO) in the industry to provide you with FedRAMP advisory and assessment services for public, private, community, and hybrid cloud service offerings, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

Benefit from unparalleled FedRAMP leadership and experience assessing systems for the largest cloud service providers (CSPs) in the world: Google, Microsoft, Amazon Web Services, and Salesforce.com.

Visit MeriTalk for an official list of clients we’ve helped achieve FedRAMP certification.

Assessment Services

Onboard your cloud system with the industry’s most highly recommended third-party assessment organization. Understand what FedRAMP compliance demands from your organization and work with industry-leading analysts who will shepherd you through the technical rigor and scrutiny of FedRAMP assessments. Assessment services include:

  • Gaining a comprehensive understanding of FedRAMP and what it takes to comply
  • Efficiently completing the onboarding process to minimize operational impact and quickly capture federal cloud market-share from competitors
  • Repurposing results and documentation from other compliance initiatives
  • Reducing time to market by eliminating project delays, retesting and other issues
  • Gaining buy-in from key stakeholders and setting organizational expectations for the final 3PAO assessment

Readiness Assessment

The goal of this initial assessment is to ensure your solution is ready for the FedRAMP process and can quickly proceed through the ATO process in the designated timeframe. Components of this assessment includes:

  • Verifying system boundary definitions
  • Executing complete documentation review
  • Performing critical controls Go/No-Go review
  • Educating your stakeholders about final assessment requirements, timelines, and likely Authority to Operate (ATO) sponsor expectations

3PAO Assessment

We conduct official 3PAO assessments for systems seeking an Agency-sponsored, CSP-supplied, or JAB Provisional Authority to Operate (ATO). We’ve also successfully assessed several of our premier clients against the Defense Information Systems Agency’s (DISA) additional security control requirements for impact levels 1-5.

Get customized assessment services from the 3PAO that has helped more systems attain an ATO than any other 3PAO in the industry.

Customized Advisory Services

Many organizations look to FedRAMP specialists who can aid in assessment components such as writing detailed documentation, aligning policies to regulations, and guiding engineering decisions about system boundaries. We specialize in delivering customized FedRAMP advisory services, including:

  • Business case analysis to help determine the cost/benefit justification of achieving FedRAMP certification of your solution
  • Security control implementation analysis, review, and remediation support
  • Review of existing system documentation, a la carte documentation development as needed
  • Complete security authorization package development

Advisory Services

Business Justification Review

Is FedRAMP certification is the right path to pursue for your organization?

Get insights into information security program improvements, technology and process updates along with architectural changes required to achieve FedRAMP certification to inform the go/no-go decision. Our analysis provides decision-makers with a clear picture of program costs, timelines, and internal resource demands to facilitate an informed decision about pursuing FedRAMP certification.

FedRAMP Compliance Review

Our experienced FedRAMP Advisory team conducts several days of analysis and review, then advises project stakeholders about key steps in the process, including:

  • Identify and verify system authorization boundary
  • Perform a gap analysis/technical review of the FedRAMP high value controls
  • Determine the status of corporate/system-specific policies and procedures
  • Review the vulnerability scanning program
  • Establish a roadmap for FedRAMP Accreditation

Full Advisory Support

We map each advisory service to a specific step of the FedRAMP process, enabling you to choose the level of support you need. Working closely with your team and the 3PAO, we provide a dashboard to track process milestones and timelines to complete the required FedRAMP documentation package.

  • FIPS 199
  • Control implementation summary
  • System security plan
  • Contingency plan
  • Incident response plan
  • Configuration management plan
  • Privacy impact assessment
  • eAuthentication workbook
  • User guide
  • Rules of behavior
  • Policies/procedures
  • Vulnerability scanning
  • Penetration testing
  • Security hardening

Why Veris Group?

Veris Group has helped more systems attain an Authority to Operate (ATO) than any other 3PAO in the industry.

As the first 3PAO to successfully navigate the FedRAMP authorization process at the JAB, Agency, and CSP-supplied levels, we played a key role in the development and implementation of FedRAMP requirements. This enables us to transform the way government and commercial organizations work as they migrate IT services to the cloud. We’ve successfully completed FedRAMP assessments resulting in ATO’s for the following organizations:

  • Amazon Web Services
  • Autonomic Resources
  • IBM
  • Salesforce.com
  • Microsoft
  • AT&T
  • ServiceNow
  • AINS
  • QTS
  • U.S. Department of Treasury
  • U.S. Agency for International Develompent (USAID)
  • General Services Administration (GSA)
  • U.S. Department of Justice (DOJ)
  • Social Security Administration (SSA)

Industry Leadership

Since FedRAMP’s inception, Veris Group has been a charter member and active contributors to the 3PAO Special Interest Group (SIG) and other key initiatives organized by the FedRAMP Program Management Office (PMO). Our leadership team continues to participate as thought leaders in the FedRAMP community through speaking engagements and expert panels.

Additional Resources:

Veris Group LLC Completes FedRAMP Assessment for MobileIron Government Cloud

For Immediate Release Veris Group supports stand-alone enterprise mobility management (EMM) leader with FedRAMP compliance Vienna, VA, December 16, 2016 — Veris Group LLC, one [...]

Veris Group LLC Completes FedRAMP Accelerated Assessment for Microsoft Dynamics CRM Online Government

For Immediate Release Veris Group supports first Cloud Service Provider (CSP) through FedRAMP Accelerated authorization Vienna, VA, September 30, 2016 — Veris Group, LLC, one [...]

Next for FedRAMP: Closer integration with DoD

Now that the new cloud standards for high security systems are out under the Federal Risk Authorization Management Program (FedRAMP), the next step is to [...]

Faster results for FedRAMP Accelerated Program?

Dave McClure, Veris Group’s Chief Strategist, discussed expectations and reality of the FedRAMP Accelerated Program on the Government Matters television show. Watch the interview with [...]

FedRAMP on Salesforce – What You Need To Know

Understanding the regulatory roadmap for FedRAMP on Salesforce The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and [...]

FedRAMP on Amazon Web Services (AWS) – What You Need To Know

Understanding the regulatory roadmap for FedRAMP on AWS The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and [...]