FedRAMP Third Party Assessment Organization (3PAO) Engagements with Microsoft


As Government agencies look to reap the benefits of cloud computing, the Federal Risk and Authorization Management Program (FedRAMP) is a critical step in keeping sensitive Government data secure. Under FedRAMP, accredited independent organizations assess cloud controls in compliance with the Federal Information Security Management Act (FISMA), using custom methodologies and approaches to conduct detailed assessments of cloud environments, identify vulnerabilities in those environments, and enable cloud service providers to mitigate risks.

Given the number of cloud providers, the Government needed to deputize trusted partners to evaluate on its behalf and ensure cloud providers meet critical security standards. Depending on the complexity of a company’s cloud infrastructure, an evaluation can take several months. Third-party contractors are assessed as evaluators and shepherd companies through the accreditation process.


Engility was selected as one of the very first evaluators. The accreditation enables Engility to conduct pre-audit assessments and to audit cloud service provider compliance with FedRAMP security requirements. Engility applies its proven assessment methodology and leverages in-depth technical analytic skills, coupled with a thorough understanding of security control implementations unique to cloud environments, to enable cloud vendors to provide secure cloud services to Government agencies.


As a trusted Government partner and a provider of cloud solutions in its own right (see our Army Rainmaker case study), Engility brings rigorous standards in cloud security to every engagement. Several companies have already contracted with Engility and are navigating the approval process with our guidance. Engility is delivering critical cyber security support to Government agencies by extending our capabilities and helping to accelerate cloud computing adoption in Government.