
FedRAMP: Implementation & 3PAO Assessment

Wednesday, December 11th | 2-3pm EST

DESCRIPTION:

Discover best practices for navigating the FedRAMP process and learn about the essential role of Third-Party Assessment Organizations. This webinar will cover the FedRAMP process from kickoff to implementation, and the 3PAO assessment!

 

AGENDA TOPICS

FedRAMP Implementation

  • Strategic Preparedness & Alignment with Government Needs
      • Learning Objective: Understand the foundational steps a Cloud Service Provider (CSP) should take to prepare for FedRAMP, especially before contracting with the government.
  • Comprehensive Cost Analysis: CapX, OpX, and TimeX
      • Learning Objective: Identify and plan for the full spectrum of costs associated with FedRAMP, including people, technology, and time.
  • Gap Analysis and Remediation Planning
      • Learning Objective: Conduct a thorough gap analysis to map out architecture adjustments and compliance needs for FedRAMP.
  • Agency Sponsor Collaboration for a Smooth FedRAMP Journey
      • Learning Objective: Emphasize the importance of continuous communication with the government agency sponsor, building a collaborative team dynamic.
  • Building Organizational Alignment and Cross-Functional Investments for FedRAMP Success
      • Learning Objective: Understand that FedRAMP readiness demands strategic team investments across departments to ensure a successful and sustainable compliance journey.

 

3PAO Assessment

  • What the 3PAO needs for project kickoff
  • Readiness Assessment Report (RAR)
  • Documentation
  • POAM / SSP Review
  • Gap Example
  • Penetration Testing Requirements
  • Continuous Monitoring
  • Second and Third year Assessments
  • Executive Sponsorship

Panelists

Steve Bjarnason

Technical Services Manager

As the Technical Services Manager, Steve will be responsible for executing the work as the lead, including the day-to-day in your engagement. He serves as a 360 Advanced resident NIST SME. As a highly experienced leader in the cybersecurity space, Steve spent 22 years in the US Navy working in information security, systems security, physical security, personnel security, operations security, and cryptographic systems. He has nearly 15 years’ experience consulting on cyber projects for the DOD and federal agencies, including the Navy, Marine Corps, Missile Defense Agency, FBI, USPTO, and TSA. As a Technical Services Manager, Steve both leads and oversees many of our 360CyberCompli managed compliance and assessment services and is the resident NIST cybersecurity standards subject matter expert.

David Brosi

Practice Director

As Practice Director and Engagement Executive, David will be accountable for overseeing the day-to-day work of our team, including review of output to ensure quality of our services. Prior to joining 360 Advanced in 2022, David spent 12 years in PwC’s Cybersecurity Advisory Practice. His focus is on providing both advisory and attestation services specific to Governance Risk and Compliance (GRC), third party risk management, and cybersecurity risk and regulatory requirements aligned to common control frameworks. With 360 Advanced, David both leads and oversees our managed services line of business and NIST-related engagements.

Aaron Hamlin

Practice Leader, Cybersecurity Consulting

As Practice Leader of Cybersecurity Consulting at BARR Advisory, Aaron Hamlin oversees all facets of the firm’s cybersecurity consulting services, with a focus on helping clients meet rigorous regulatory standards across diverse industries. With over a decade of experience in government compliance, Aaron has served as a trusted advisor to organizations in sectors such as healthcare, utilities, and education. His background includes building and operationalizing high-impact compliance programs, most notably helping establish the VA’s FedRAMP program—a benchmark initiative in federal cybersecurity. Prior to joining BARR, Aaron led cybersecurity and compliance strategies for both commercial and federal entities, supporting more than 100 federal authorization efforts. Known for his people-first leadership and deep technical expertise, Aaron is dedicated to empowering BARR’s clients to see cybersecurity as a strategic advantage. He is a Certified Information Systems Security Professional (CISSP).
