What is FedRAMP?

Compliance with FedRAMP is necessary for cloud service providers (CSPs) to win federal or other contracts with major clients. CSPs comply with the Federal Risk and Authorization Management Program (FedRAMP) when they adhere to its standardized requirements for information security assessment, monitoring, and authorization of a Cloud Service Offering (CSO).

Why Should Your Organization Care?

Several complex security documents are required before a 3PAO assessment. FedRAMP certification is one of the hardest for CSPs to achieve because of its large documentation requirements, controls, 3PAO reviews, and authorization. No matter your current security state, Marcelle will help your organization save significant time and costs, and will provide the resources necessary to ensure your cloud system not only meets FedRAMP requirements but also allows for scalability to maximize your cloud services.

In addition to helping your cloud solution meet minimum FedRAMP standards, Marcelle Consultants is well experienced in the FedRAMP ATO lifecycle. Our experts provide comfort and relief through specific services that help your organization optimize its process for maintaining FedRAMP compliance. Our FedRAMP consultants have worked with several government agencies, ensuring that they could protect the confidentiality, integrity, and availability of the government’s confidential and sensitive information assets in the cloud.

FedRAMP Solutions That Meet Your Budget

We understand that most organizations have a limited cybersecurity budget. We offer FedRAMP compliance and monitoring services at a fraction of the cost it would take your organization to achieve FedRAMP authorization in-house. Our extensive experience with cloud systems, NIST requirements, and the Risk Management Framework (RMF) provides you with the expertise needed to successfully obtain a FedRAMP ATO. Our services include but are not limited to:

Pre-ATO - FedRAMP Package Development

  • Security Authorization Package
  • FIPS-199
  • Digital Identity Worksheet (eAuthentication)
  • PTA & PIA
  • Security Plan
  • Contingency Plan
  • Configuration Management Plan
  • Incident Response Plan
  • Control Implementation Summary
  • Eighteen (18) NIST Policies & Procedures
  • Vulnerability Management Plan
  • Rules of Behavior
  • Continuous Monitoring Strategy
  • User Guide

Security Training

  • Annual Role-Based Security Training
  • Semi-annual Significant Security Training
  • Annual Social Engineering Training
  • Semi-annual Social Engineering Exercises

ISSO as a Service

  • Audit Log Reviews
  • Account Management Reviews
  • POA&M Management
  • Continuous Monitoring Executive Summary
  • Security Impact Analysis
  • Change Management
  • Configuration Management
  • Vulnerability Management
  • Documentation Maintenance
  • Annual Contingency Plan Test & Training
  • Annual Incident Response Test