The Federal Risk and Authorization Management Program FedRAMP is a compliance program established by the US government that sets a baseline for cloud products and services regarding their approach to authorization, security assessment, and continuous monitoring.

Sigma Technology’s tailored approach automates FedRAMP requirements to a more consistent repeatable process which reduces duplicative efforts, inconsistencies, and cost inefficiencies. Our FedRAMP ATO Acceleration process enables the CSP’s to quickly meet the requirements of the FedRAMP Joint Authorization Board (JAB) or the Agency requirements.

Sigma Technology’s FedRAMP Readiness Assessment Program enables CSP’s to meet the FedRAMP Authorization Process by:

• Defining Authorization Boundary consistent with the FedRAMP guidelines
• Overall alignment with the NIST definition of cloud computing according to NIST SP 800-145, including the requirement for a CSP to have a self-service portal
• Whether the CSP is pursuing a JAB P-ATO or an Agency ATO
• Notable strengths and weaknesses
• Ability to accurately describe intra and inter-system user and sensitive metadata data flow
• Risks associated with interconnections used to transmit federal data/metadata or sensitive system data/metadata
• Risks associated with the use of external systems and services that are not FedRAMP Authorized
• Clearly defined customer responsibilities
• Ensure federal mandates are met
• Unique or alternative implementations
• Overall maturity level relative to the system type, size, and complexity
• Overall operational maturity relative to how long the system and required security controls have been in operation
• Helping the CSPs with the required policies, processes, procedures, and evidence of significant progress towards completed documentation
• Helping the CSP with the System Security Plan (SSP) development and other required Plans consistent with the FedRAMP templates
• Preparing CSP’s with the initial Authorization Package Checklist