The American Association for Laboratory Accreditation has updated the requirements for third-party assessment organizations seeking A2LA accreditation under the Federal Risk and Authorization Management Program.
FedRAMP said Tuesday the updated version of the A2LA R311 policy provides additional certification options for the penetration tester role and requires that 3PAOs declare any foreign ownership, control or influence operations as part of initial and subsequent renewal applications.
The updated policy also creates a digital format for the F337 and F338 feedback forms for cloud providers and 3PAOs and clarifies that a 3PAO is no longer eligible to get accreditation if revoked twice by FedRAMP.
A2LA updated the policy in July 2021 to add personnel qualifications, training plan time durations and subcontracting requirements.
