Securing an Agency Sponsor for FedRAMP Agency-Sponsored ATO
Obtaining a mandated Federal Risk and Authorization Management Program (FedRAMP)  Authorization to Operation (ATO) is increasingly important for Cloud Service Providers (CSPs) who wish to make Cloud Service Offerings (CSOs) available to federal government agencies. The FedRAMP Authorization Act codifies the security and compliance requirements for commercial CSPs as they increasingly shift away from on-prem deployment models in favor of cloud-based service delivery models. The journey to FedRAMP authorization begins by understanding and embracing the requirement to secure an agency sponsor. Securing an agency with the willingness to become a CSPs partner and help shepherd them through the authorization process can be a daunting task. In FedRAMP, There are two paths to sponsorship – an Agency sponsorship to obtain a FedRAMP ATO and a Joint Authorization Board (JAB) sponsorship to obtain a Provisional Authorization (P-ATO). Given the JAB’s limited bandwidth, specific government-wide use, and business-case-centric qualification criteria, the majority of