Federal Risk and Authorization Program
The Federal Risk and Authorization Management Program (FedRAMP) created a government-wide standardized approach for assessing, authorizing, and monitoring the security of systems providing cloud products and services to Federal agencies. Under this program, third party assessment organizations perform independent verifications of the security controls utilized by cloud service providers’ information systems. However, the reporting format prescribed by FedRAMP for third party assessments differs substantially from the format AICPA members currently use to report on controls at service organizations. The ASEC Trust Information Integrity Task Force formed a working group which has met with FedRAMP representatives on multiple occasions and has made significant progress in developing a reporting format that would comply with current AICPA reporting standards while also meeting the requirements of the FedRAMP program. The report template will be posted here once finalized. For more information regarding the status of this project, please contact Tanya Hale at firstname.lastname@example.org.