Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
 

What Does Agency Sponsorship Mean in FedRAMP?

FedRAMP | Federal Assessments

So you want to provide cloud services to the federal government?

There's a process that you need to go through in order to get there, and that requires an authorization and an assessment, but it also requires an agency sponsor. Let's talk about what that actually means.

I'm Doug Barbin, managing principal, and chief growth officer at Schellman. We've also had the privilege at Schellman of being one of the first third-party assessment organizations, or 3PAO, since the FedRAMP program's inception 10 years ago.

What does this agency sponsorship mean?
Fedramp is one of the unique types of third-party assessments that require interactions by the second party. In most cases, if you look at a SOC 2 report or an ISO 27001 certification, you can come to a body or a provider like Schellman, we can perform an assessment, we can issue you a report that you can share with your customers. In the case of FedRAMP, that's not enough. To get into the FedRAMP process, you have to have a sponsor, you have to have a means of entry into the federal government. Typically what that means is you have a government agency - could be a division of the Department of Defense as well, but you have a group within the government that is going to sponsor your entryway into FedRAMP. They want to do business with you, and so they're willing to be your sponsor in that FedRAMP process. Now, that is a requirement, unfortunately, and that can be a barrier for some companies that are looking to get into the market but don't have an existing relationship or an initial relationship that can be that sponsor.

So what do you do to address that?
There are a few avenues such as going through a FedRAMP ready assessment. There are other outreach programs. You can reach out to the FedRAMP PMO who can give you guidance on how to get there. But it is important to know: going into FedRAMP, it's not enough just to hire an assessment firm. As a matter of fact, you can't hire us to do the assessment unless you have someone, an agency or the joint authorization board that's willing to sponsor you through the process.

Getting an agency sponsor is a critical first step in your FedRAMP path. Contact us today so that we can walk you through what the broader picture is from a journey on FedRAMP, from getting that agency sponsor to going through the assessment and ultimately getting your authorization. 

About Douglas Barbin

As Chief Growth Officer and firmwide Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology focused services having served as technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual-bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken post graduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses and in addition to most of the major industry certifications including several he helped create.