Overview
3PAO Security Risk Assessment
For CSPs seeking a 3PAO for FedRAMP authorization, we conduct an independent security assessment using FedRAMP-provided templates (e.g., Security Assessment Plan (SAP), Security Assessment Report (SAR), and Risk Exposure Table (RET)). We evaluate the CSP’s compliance with FedRAMP security requirements by performing a detailed review of documentation, conducting vulnerability scans, and performing a penetration test. The primary deliverables are a completed SAP, SAR, and test results that are reported in compliance with FedRAMP and ISO standards.
FedRAMP Readiness Assessment
For CSPs looking to become FedRAMP Ready, we offer a FedRAMP readiness assessment to determine if the CSP is prepared for a full FedRAMP assessment. We review the CSP's security documentation, evaluate the implementation of security controls, and identify any gaps or areas needing improvement. We produce a Readiness Assessment Report (RAR), which outlines the CSP's compliance status and readiness for the full FedRAMP assessment. This report helps the CSP address deficiencies and ensures they meet initial FedRAMP requirements before undergoing a comprehensive security evaluation.
DoD IL4, IL5 and IL6 Assessment
For CSPs seeking a Department of Defense (DoD) Impact Level (IL4-IL6) authorization through the Defense Information Systems Agency (DISA) Provisional Authorization (PA) process, we conduct a thorough evaluation of the CSP’s security controls, ensuring they meet DoD IL requirements. This involves reviewing documentation, performing vulnerability scans, and conducting penetration tests. We compile our findings into a Security Assessment Report (SAR), which is submitted to DISA. The SAR helps DISA's Authorizing Official (AO) determine whether to grant the CSP a Provisional Authorization.
FedRAMP Consulting Services
FedRAMP Security Package Development
For CSPs that have already decided to pursue a FedRAMP accreditation, we guide them through the development and documentation of their security package. This includes helping the CSP understand FedRAMP requirements, implementing necessary security controls, and creating comprehensive documentation, such as the System Security Plan (SSP), policies, and procedures. Quality and completeness of documentation are essential to a streamlined accreditation process. Our team of experts will work with your subject matter experts to collect, consolidate, and articulate technical information to properly report control compliance. The primary deliverable is a completed set of required FedRAMP security documentation.
Gap Assessment/Remediation Services
We’ll conduct a gap analysis of a cloud solution’s compliance and risk posture relative to FedRAMP NIST 800-53 rev. 5 controls to provide risk-based recommendations to facilitate FedRAMP compliance. The primary deliverable is a gap report containing an identified list of deficiencies and recommended mitigations. For CSPs remediating system vulnerabilities, we provide cybersecurity IT project management and technical services to ensure on-time and on-budget implementation of remediation efforts. Our experts manage and execute projects to mitigate vulnerabilities that are inhibiting FedRAMP compliance. The primary deliverable for remediation is a FedRAMP-compliant cloud solution.
Continuous Monitoring Services
For accredited CSPs, we offer annual security assessments. We perform an abbreviated security risk assessment based on significant changes to the system’s configuration baseline. Other services include annual penetration testing and vulnerability scanning of operating systems/infrastructure, databases, containers and web applications. Primary deliverables include an updated SAR, monthly vulnerability scan findings and a monthly continuous monitoring report.
Highlights
- Proven Corporate Experience - The Booz Allen Commercial business specializes in advanced cyber defense and tackling the most critical cyber issues. In combination with our federal cyber practice, Booz Allen has the largest managed and professional security services business in North America. Booz Allen security experts are trusted in the U.S. Government’s most sensitive systems and in many of the Fortune 500 corporations around the world.
- Authorized FedRAMP Third-Party Assessment Organization (3PAO) - Booz Allen is an authorized 3PAO, assessing clients and awarding them their certificates. Booz Allen has completed dozens of assessments since the FedRAMP Program was rolled out in 2012 and is a trusted partner in the success of the FedRAMP program and the FedRAMP ecosystem.
- Our Cybersecurity Expertise is Internationally Recognized:
  - Named 3x “Largest Global Supplier of Cyber Security” by Frost & Sullivan
  - Most Innovative MDR provider – Frost Radar 2022
  - 7,000+ cyber experts with 7,000 certifications
  - Designed or Implemented 27 Fortune 500 Cyber Fusion Centers
  - 1000+ Crisis, Forensics, and Incident Response engagements annually
  - ALM Vanguard Best Cybersecurity Consulting Company
Details
Pricing
Custom pricing options
Support
Vendor support
Booz Allen FedRAMP - https://www.boozallen.com/markets/commercial-solutions/federal-risk-and-authorization-management-program.html
Booz Allen CMMC - https://www.boozallen.com/expertise/cybersecurity/cmmc.html
Booz Allen CATL - https://www.boozallen.com/d/insight/blog/cyber-assurance-test-laboratory-services.html
Booz Allen Incident Response -