Hi,
We provide searchable maps with our SaaS and are currently providing services to the government. We have been doing so since prior to FedRAMP and they are requesting we become FedRAMP certified.
Relatively speaking we are a pretty small operation, 7 employees with lots of contractors.
Our product is pretty narrow in scope and we can operate it without collecting PII. We are SOC2 Type 2 and HIPAA compliant.
I am looking to understand the cost impact of the various baselines:
https://www.fedramp.gov/baselines/
I believe we would qualify for "FedRAMP Tailored Li-SaaS" and am wondering if there's a 3PAO that specializes in the low impact/Li-SaaS market and is priced accordingly.
Our current revenue from government clients doesn't eclipse some of the numbers I'm seeing for total costs and so this would be an investment in future opportunity and so I'm looking to minimize risk.
Just exploring this universe at the moment and so any feedback/advice is welcomed.
Thanks!