KCG’s Cyber Attack and Penetration Division (CAPD) brings a team of over 90 security consultants to the task of security assessment.  As a designated Third Party Assessment Organization (3PAO), we work with Cloud Service Providers (CSPs) to ensure their readiness to proceed with the 3PAO assessment process, as well as conduct the actual assessments. 

FedRamp Compliance Readiness Review

To ensure that organizations meet security standards the first time and reduce the risk of delays, KCG provides a FedRAMP Compliance Readiness Review.  KCG delivers unparalleled support, including: 

• Educating organizations about FedRAMP standardization and compliance requirements, including the process, required artifacts, 3PAO assessment preparation and continuous monitoring
• Indentifying potential deficiencies or lack of controls that could result in a failure to comply with FedRAMP and NIST standards
• Providing a preparatory gap analysis that identifies potential areas of non-compliance
• Recommending solutions and processes necessary to meet FedRAMP requirements prior to completing the 3PAO security assessment 

3PAO Assessment

KCG brings a well-defined and mature process to the delivery of security assessment services.  This process has been refined over the course of more than 500 NIST-aligned security assessments as part of the assessment and authorization (A&A) process.  In assessing Cloud Service Providers, we will leverage FedRAMP security controls and FedRAMP templates to conduct a security assessment that identifies residual risk for provisional authorization by the Joint Authorization Board (JAB).  In general, the typical 3PAO assessment takes approximately four months.  

To learn more about how KCG can help your CSP receive the Authority to Operate federal cloud services, click here.