FedRAMP Preparation Consulting Services

Just starting your research on FedRAMP compliance? Need help understanding or preparing all of the documentation required to submit for FedRAMP Accreditation? Sentar can help! Sentar is also pursuing recognition as an official Third Party Accreditation Organization (3PAO), once the program is again open for registration later this year. In the meantime, we can help your organization prepare for an actual 3PAO audit. Sentar's advisory team of experts can help your organization prepare your cloud service (IaaS / PaaS / SaaS) for FedRAMP assessment and authorization, including preparing the volume of documentation required. Our team includes FedRAMP specialists with multiple successes helping other organizations obtain FedRAMP Accreditation. They can lead your organization in preparation and assist with your compliance gaps, addressing risks and aligning your cybersecurity strategies with your business requirements.

Our FedRAMP services include:

FedRAMP Compliance Review - Our FedRAMP team analyzes your systems and conducts a review of your organization’s processes and current cybersecurity posture, giving company and project stakeholders a robust understanding of the key issues and options to resolve them. Our review process includes:

  • An overview of the FedRAMP processes and authorization paths
  • Boundary scoping to ensure all components and interconnections have been identified
  • Analysis and review of security control implementations
  • Recommendations for all requirements not met
  • Review of existing system documentation
  • Focused review of controls required for FedRAMP Readiness Assessment
  • Determination of reuse of corporate/system-specific policies and procedures
  • A review of vulnerability scanning program/tools and recommendations
  • Establishment of a roadmap for FedRAMP authorization
  • Tips for achieving FedRAMP Ready and submitting a winning JAB Business Case

FedRAMP Advisory Support - Your organization has decided to seek FedRAMP Accreditation. Turn to the experts at Sentar to help ensure your organization is efficiently moving closer to compliance without negatively impacting your normal workflows. Working closely with your team, Sentar’s FedRAMP advisors will help you develop the security controls that meet FedRAMP requirements. Activities include:

  • Creating and providing all FedRAMP-required documentation:
    • Security Plan (SSP) Baseline
    • Information Security Policies and Procedures (one each, covering all control families)
    • SSP User Guide
    • Electronic Authentication (E-Authentication) Plan
    • Privacy Impact Assessment (PIA)
    • Rules of Behavior (RoB)
    • Information System Contingency Plan (ISCP)
    • Configuration Management Plan (CMP)
    • Incident Response Plan (IRP)
    • Control Implementation Summary (CIS) Workbook
    • Federal Information Processing Standard (FIPS) 199 Categorization
    • Separation of Duties Matrix
    • FedRAMP Laws and Regulations
    • Integrated Inventory Workbook
    • Plan of Action and Milestones (POA&M)
    • Continuous Monitoring Plan

  • Additional Advisory services (not all organizations need these):
    • Vulnerability scanning
    • Penetration testing
    • Security hardening and engineering
    • Security monitoring program development, optimization and engineering services
    • 3PAO Audit Support
    • Continuous monitoring program development