What is FedRAMP?

A CSP must have a FedRAMP Authority to Operate (ATO) in order to sell to the federal government.

As an accredited FedRAMP third-party assessment organization (3PAO), Vaultes’ cyber security professionals provide Cloud Service Providers with the rigorous and comprehensive assessments, authorization and monitoring framework they need in order to obtain their FedRAMP Authorization to Operate (ATO).

Our FedRAMP Services

FedRAMP accreditation is a significant investment for most CSPs and there is no “one size fits all” approach when it comes to the level of service your CSP may require. That’s why we’ve crafted our FedRAMP offerings to accommodate a broad range of cybersecurity maturity levels:

Readiness Assessment Report (RAR)

Best for: CSPs considering obtaining FedRAMP ready status but are in need of high-level assessment to identify potential gaps.
What we offer: Vaultes can review your environment’s technical capabilities in meeting FedRAMP requirements. This step is required for CSPs pursuing Joint Authorization Board (JAB) provisional authorization to operate (P-ATO).

Gap Assessment

Best for: CSPs in need of a rigorous review of all 365+ FedRAMP controls.
What we offer: Vaultes’ detailed Gap Assessments will include network and dataflow diagram reviews, detailed findings reports, multiple stakeholder interviews and remediation instructions to enable your CSP to perform the needed corrective actions for accreditation.

FedRAMP Assessment

Best for: CSPs seeking a full technical assessment to ensure compliance with NIST SP 800-53 and FedRAMP controls.
What we offer: Vaultes will develop a security assessment plan (SAP), security requirements traceability matrix (SRTM) to document assessment results, and security assessment report (SAR). We’ll assess manual security controls and conduct vulnerability scans on all systems plus perform a penetration test.

FedRAMP Remediation Services

Best for: CSPs who have obtained a Security Assessment Report (SAR) identifying known vulnerabilities requiring remediation prior to ATO.
What we offer: Vaultes can go beyond assessment and advisory support services to provide the development and engineering expertise needed for your CSP to remedy found deficiencies within a JAB review.

Continuous Monitoring Services

Best for: CSPs who have obtained their FedRAMP ATO and need to maintain their compliance.
What we offer: Our Cyber security professionals will provide continuous monitoring services to help your CSP maintain their FedRAMP ATO. This includes mandatory services to be performed by a 3PAO including assessing a subset of controls, penetration testing and annually scanning operating systems/infrastructure, web applications and databases.