Information Technology Company, LLC (ITC) offers a best in class partnership in helping government agencies, commercial organizations and Cloud Service Providers (CSP) with Federal Risk Authorization Management Program (FedRAMP) compliance. Built on ITC’s long relationship providing audit support with the Government Accountability Office (GAO) the company combines technology, proven methodologies, and experience to help its customers reduce risk and achieve maximum security.
Two Distinct Services
We offer two distinct services for your needs: FedRAMP Consultation Services and FedRAMP Assessment Services.
FedRAMP Consultation Services
ITC aims to successfully produce an Authority to Operate (ATO) for a client system from the FedRAMP Joint Adjudication Board (JAB). We guide CSPs through the disciplined multi-step FedRAMP assessment process, from initial current environment inventory; through full documentation of capabilities, processes, and security; to final and ongoing documentation of satisfied requirements. This leads to a comprehensive, consistent, coordinated, and compelling certification package.
ITC can analyze your existing cloud environment and offer a detailed analysis identifying deficiencies and red flag items before submitting to a full assessment. This would include assistance in developing a System Security Pan (SSP) and review of CSP Security Controls, Documentation, and Procedures. ITC can also assist in finalizing your submission documents.
Some of our the services we provide include: Required Documentation Preparation and Review, Gap Analysis, System Architecture Review, Security Control Implementation, Penetration Testing, Vulnerability Remediation and Personnel Training.
FedRAMP Assessment Services
As a certified 3rd Party Assessment Organization (3PAO), ITC can certify your company’s cloud service offering and provide a Security Assessment Report (SAR). ITC provides a thorough assessment of an entire system’s susceptibility to security attacks and identifies the organization’s ability to defend, respond, and combat threats. The company uses in-depth processes to fully ascertain whether threats are realistic and if existing security measures can adequately address them.
ITC’s strength lies in its team of industry personnel. Each carries extensive ST&E, C&A and Independent Verification and Validation (IV&V) experience and works closely with each customer to assist in achieving total security risk mitigation and a successful assessment process.