Open BKozisek7 opened 6 years ago
As is indicated in the RFQ section 12 Clause Addendum, FedRAMP Tailored or a FedRAMP Low assessment would be sufficient. A FedRAMP Moderate or High assessment would qualify, but is not necessary. GSA will sponsor the vendor for a FedRAMP Tailored certification, which involves working with the vendor to assist in the FedRAMP process. For more information about FedRAMP Tailored, please see https://tailored.fedramp.gov/.
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Brett Kozisek Director Synack Inc.
Section of RFQ documents
RFQ Section 12 - Addendum - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#120-attachments https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/Addendum%20-%20Commercial%20Contract%20Clauses.md The Commercial Contract Clauses document calls for the vendor to obtain FedRamp certification for their platform.
Question/Comment
Can the government confirm the type of certification that is expected (i.e. PaaS, SaaS)?
Is it the intent of the government to sponsor the vendor in their certification?
Is there any other support provided by the Government for the vendor throughout this process?