FedRAMP Assessment & Advisory Services

Cloud Service Providers (CSPs) interested in serving federal organizations must meet rigorous government-mandated security requirements as part of the Federal Risk and Authorization Management Program (FedRAMP).

To ensure CSPs meet these standards, they must be audited by a Third Party Assessment Organization (3PAO) before they can receive a provisional Authorization to Operate (ATO) and start providing cloud services to federal customers. Over 300 security controls, thousands of pages of documentation, and a rigorous assessment make up the challenging path to a cloud service authorization.

Selecting an experienced and proven 3PAO is critical to gaining an ATO in an efficient and timely manner. That is why so many CSPs turn to Kratos to assist in preparing for FedRAMP or to conduct a formal 3PAO audit. Kratos is an accredited FedRAMP 3PAO certified by the U.S. General Services Administration (GSA) to perform security assessments of CSPs. We have performed extensive information security work with industry-leading CSPs, including Amazon Web Services, Microsoft, Dell, and many more.

Kratos provides FedRAMP advisory and assessment services for public, private, community, and hybrid cloud service offerings, including: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). We work with CSPs to ensure their readiness to proceed with the 3PAO assessment process, as well as to conduct the actual assessments to secure the cloud with confidence.

Advisory Support

Kratos provides comprehensive gap analysis, FedRAMP authorization package development, and assessment services to federal government and commercial organizations.

FedRAMP Gap Analysis – Kratos will provide a gap analysis that identifies potential areas of non-compliance, including identifying potential deficiencies or lack of controls, that could result in a failure to comply with FedRAMP and National Institute of Standards and Technology (NIST) requirements.

FedRAMP Authorization Package Development & Consulting – Kratos has an independent team of advisors that assist in the development of an organization’s FedRAMP documentation and environment. The Kratos team of expert advisors can help with any documentation, planning development, and guidance needed to successfully complete the authorization package.

Assessment & Authorization (A&A)

Kratos serves as a 3PAO and performs independent assessments for CSPs. Kratos delivers security assessment services, including assessment planning, execution of the assessment (testing), and submission of a final assessment package to receive an ATO.

3PAO FedRAMP Assessment – Helping CSPs navigate and streamline the FedRAMP process all the way through to gaining an ATO. We guide organizations through a streamlined and cost-effective path to obtaining an ATO, and we provide an effective continuous monitoring program to maintain the ATO over time.

FedRAMP Continuous Monitoring

Kratos also provides continuous monitoring services to help CSPs maintain their FedRAMP ATO. On-going continuous monitoring services can be provided on a quarterly, annual, or every three- or five-year basis to satisfy FedRAMP requirements.

Continuous monitoring also includes mandatory services to be performed by a 3PAO. For example, assessing a subset of controls, performing penetration testing, and scanning operating systems/infrastructure, web applications, and databases on an annual basis.

Work with a Leader and Make a Difference


Contact Us

5971 Kingstowne Village Pkwy, Suite 200
Alexandria, VA 22315
Phone: (703) 254-2000
Fax: (703) 254-2010
Map and Directions