FedRAMP Assessment & Consulting Services
Prepare for a FedRAMP Authorization With Kratos’ Gap Analysis
Contact Us
As a designated Third-Party Assessment Organization (3PAO), Kratos works with Cloud Service Providers (CSPs) to help ensure their readiness to proceed with the 3PAO assessment process. Kratos’ pre-assessment service is based on a gap analysis that determines an organization’s current “baseline” as it relates to FedRAMP compliance.
The gap analysis determines the capability of the CSP offering to meet the FedRAMP impact level requirements. The gap analysis services will encompass all applicable FedRAMP controls and output the following key deliverables:
Risk Traceability Matrix (RTM)
The RTM captures the detailed results of the control evaluations performed as part of a gap analysis. Delivered in a spreadsheet, the table includes all applicable FedRAMP controls and the results of the review. All areas deemed to have a gap include recommendations and identify the type of gap (Documentation, Process/Operations, and Engineering).
Gap Breakdown
The gap breakdown will logically group identified gaps into remediation categories to assist in prioritization and resource allocation:
- Minor Engineering (e.g., configuring a system component)
- Minor Operational/procedural (e.g., changing an organizational process)
- Major Engineering/Operational (e.g., implementing a new component or process)
Gap Analysis Briefing
The gap analysis briefing will provide management an overview of the gap analysis results, including summary information of identified gaps by type and additional context to inform subsequent remediation strategies. Priority issues are also identified so they can be discussed further to ensure full understanding of any potential roadblocks.