Perform initial and periodic assessments (continuous Monitoring) of CSP security controls
Conduct security tests and produce a Security Assessment Report and POAM
Categorize system
To become and accredit 3PAO, assessors must submit application materials demonstrating that they meet both technical competence in security assessment of cloud systems and management requirements for organizations performing inspections. FedRAMP has approved American Association for Laboratory Accreditation (A2LA) to accredit FedRAMP Third Party Organizations (3PAOs)