As a FedRAMP-accredited 3PAO independent assessor, Excentium has demonstrated expertise performing independent security assessments for government and commercial business. Years of experience in Federal cybersecurity compliance for Civilian and Department of Defense (DoD) organizations have given us a competitive advantage.

Excentium’s proven 3PAO independent assessment team has the industry experience to intelligently assess the security posture of any Cloud Service Provider’s (CSP) service model offering (IaaS; PaaS; SaaS) in a way that applies the intention of all National Institute of Standards and Technology (NIST)/FedRAMP security controls. Our 3PAO team has subject matter experts in software and technical architecture analysis, cloud security, security management strategies, and operational procedures, providing additional security assurances of government information residing in the Cloud.

Excentium ensures that independence, impartiality and integrity are maintained at all levels of our organization during the entire project life cycle of an inspection engagement, from business development, contract execution, to project initiation and project close out. We remain focused on providing an independent, impartial, and professional 3PAO independent assessment services.

Our organization and management structure is tailored to this type of engagement and is structured to provide a comprehensive and integrated approach to managing 3PAO independent assessment efforts under a resulting contract. Our project management principles align with the Project Management Body of Knowledge (PMBoK). Our organizational structure promotes program control, streamlines communication, and effectively manages simultaneous work assignments for the duration of each contract.

Some of the services associated with the FedRAMP requirement that Excentium offers include:

  • FedRAMP Preparedness/Assessment and Authorization (A&A)
  • 3PAO Engagement
  • Security Assessment Plan (SAP) development
  • Security Control Assessment (SCA)
  • Security Control interviews
  • Physical Security Assessment
  • Compliance testing
  • Penetration testing
  • Security Assessment Report (SAR) development
  • Security Assessment Package (SAP) submission