In May 2012 COACT Inc. was granted Accepted Third Party Assessment Organization (3PAO) status under the Federal Risk and Authorization Management Program (FedRAMP). The COACT RAMP Lab is an Accredited FedRAMP 3PAO and is authorized to perform security assessments for cloud service providers (CSP) seeking FedRAMP Provisional Authorization.

    FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.

    FedRAMP is the result of close collaboration with cyber security and cloud experts from GSA, NIST, DHS, DOD, NSA, OMB, the Federal CIO Council and its working groups as well as private inductry. Additional Information on FedRAMP governance can be found here.

    Seeking an ATO from the FedRAMP Joint Authorization Board (JAB)?

    COACT offers the following services in support of your FedRAMP assessment:

    As part of our FedRAMP preparation service, we can help you understand what FedRAMP entails for your Cloud based information system(s) and how to define your accreditation boundaries. Our experienced FedRAMP consultants have proven expertise in assisting companies in improving their overall security posture and in developing compliant documentation. We can help you defend your package to the evaluators and advise you on how to get through the FedRAMP assessment process. COACT can prepare the following types of documents on your behalf:


    • FIPS 199 Security Categorization
    • Asset Inventory (Hardware and Software)
    • System Description/Boundary Description
    • Information System Contingency Plan
    • Business Impact Assessment
    • Configuration Management Plan
    • Incident Response Plan
    • Vulnerability Assessment and Reports
    • System Security Plan (SSP)
    • Process Handbook/Standard Operating Procedures
    • FedRAMP Document Templates
    • Security Control Assessment
    • Plan of Action & Milestones (POA&MS)
    • Penetration Testing and Reports

    As with any new program, there are going to be a lot of questions. For FAQ’s covering the FedRAMP program from both an Agency and Industry point of view, we recomend that you visit the Official FedRAMP FAQ page.

    For more information on how COACT can assist you with FedRAMP 3PAO Testing, please use the contact form below.

    Company Name *

    Name *

    Email Address *


    Your Message