I’m super new to FedRAMP/StateRAMP and was curious: how does an organization become a 3PAO? Costs, prerequisites, exams, certifications, etc. I’ve been trying to do some research on my own, but am finding very little. The main things that I’m seeing are the A2LA assessment, NIST requirements, and having a quality management system (QMS). If someone could please explain the process in depth, I would really appreciate it.