Former DoD. Become a 3PAO?

old.reddit.com / @/u/vintagenewstart, https://old.reddit.com/user/vintagenewstart

Retired military and former ISSO and have a few questions. I'm relatively new to Fedramp but am very versed in 800- series for RMF and CMMC/CUI systems.

I love the way Fedramp makes use of inheritance/reciprocity and think I would like to get in on the auditing side.

  1. Would I be competitive for 3PAO roles with only DoD experience? Only hold CISSP now.

  2. Would not having clearances hurt my chances? (expired)

  3. Is there any training for 3PAO's other than what's on the Fedramp site?

  4. Do 3PAO's do most of the auditing/assessment from the -53(a)?

submitted by /u/vintagenewstart
[link] [comments]

published 2 months ago


Previous

Can a FedRamp authorized product integrate a non-FedRamp authorized service?
published 2 months ago

Next

FedRAMP less granular?
published about 2 months ago
See all items from the same source