Pivot Point Security
PPS ISO 27001 Logo RPO Logo
Access The Latest Episodes from The Virtual CISO Podcast

FedRAMP Cost

How much does it cost to become FedRAMP Authorized?

FedRAMP Cost Factors

  • Scope: How many and how complex are the cloud services your company provides?
  • Approach: Agency or JAB? A JAB Authorization is generally more challenging to get through.
  • Risk: Does the data you are processing require Low, Moderate, or High security categorization for your FedRAMP authorization?
  • Current Information Security Maturity: How big is the “gap” between how you currently operate and the level of documentation you have to support that, and where you need to be to close that gap?
  • Resources: Do you have resources on-staff with the time and expertise to take you through the Authorization Process? Or will you need to hire a consulting firm to so that?

FedRAMP Cost Considerations

  • Preparation Cost: How much does it cost to get ready to be “certified” by the 3PAO?
    • Consultant Costs (if needed):
      • 80% likelihood to be $60K +/- $25K for Low Security Categorization
      • 80% likelihood to be $90K +/- $25K for Moderate Security Categorization
      • TBD for High Security Categorization (too early to estimate)
    • Capital Expenditures (if needed):
      • 80% likelihood to be < $40K for Low Security Categorization
      • 80% likelihood to be < $60K for Moderate Security Categorization
      • TBD for High Security Categorization (too early to estimate)
    • Certification Cost: How much does it cost to have the 3PAO perform the required testing?
      • 80% of Low Security categorizations would fall into a $TBD range (its uncommon to pursue low – so we have not yet seen enough 3PAO pricing to estimate)
      • 80% of Moderate Agency Security categorizations would fall into a $130K +/- $30K range
      • 80% of Moderate JAB Security categorizations would fall into a $200K +/- $50K range
    • Ongoing Operation & Continuous Monitoring Program Compliance: How much does it cost to maintain your Authorization?
      • TBD (requirements are still evolving at this time)

    As most of the early companies that are pursuing tend to be larger companies these numbers are likely skewed a bit in that direction.  However, the cost to implement a FedRAMP environment will not differ notably between a 50 person and a 5,000 person CSP as the process, controls, and required documentation is the same.

    fedramp-consultingfedramp-expert A 10-minute call with a consultant could save you hours of research.

Download FedRAMP Simplified Checklist

Review the necessary steps for FedRAMP “certification.”

fedramp-checklistDownload]

Contact a FedRAMP Expert

Speak with a FedRAMP expert to see if FedRAMP “certification” is right for you.

Contact