reedloden closed 5 years ago
GSA will facilitate the initial LiSaaS assessment for a 1 year ATO. Offerors will be required to work with GSA and submit requested documentation expeditiously to achieve the initial 1 year ATO. FedRAMP Tailored assessment of the implemented controls may be performed by an independent trusted third-party, a FedRAMP Accredited Third-Party Assessment Organization (3PAO) at the vendor’s option and cost.
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Reed Loden, Director of Security, HackerOne, Inc.
Section of RFQ documents
Addendum - Commercial Contract Clauses: Low Impact Software as a Service (LiSaaS) – IT Security and Privacy Requirements
https://github.com/18F/tts-buy-bug-bounty/blob/c0f3f6f4ad32be445694b45933621fb78da13c9f/2018-procurement/Addendum%20-%20Commercial%20Contract%20Clauses.md#low-impact-software-as-a-service-lisaas--it-security-and-privacy-requirements
Question/Comment
Is it expected that we use an external 3PAO for FedRAMP assessment, or would the GSA be our independent assessor?