Skip to main content
WhyHow It WorksFeaturesPricingBlog
Sign inRequest demo
FRD-ASRStakeholderImplementation guide coming soon

Assessor

Also: assessor, assessors

Definition

Verbatim from FedRAMP/rules

An assessor that performs assessment, verification, or validation activities for a cloud service offering seeking to obtain or maintain FedRAMP Certification; FedRAMP is the final assessor for FedRAMP Certification, but FedRAMP Recognized independent assessment services are typically also utilized.

Notes

  • FedRAMP has transitioned from using the historical term "Third-Party Assessment Organization (3PAO)" to align with the explicit terminology used in the FedRAMP Authorization Act and to avoid the confusion caused when the same organizations provide both assessment and advisory services to different customers while being referred to as a 3PAO.

Used in 7 rule requirements

This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.

CCM-QTR-RTPFRA-CSO-RAAFRA-CSO-STEIFR-CLA-IVVOFR-CSO-IVVSCN-CSO-INFSCN-TRF-TPR

Change history

  • 2026-07-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Source of truth: FedRAMP/rules. Definitions are published verbatim; Boundera adds cross-references and implementation context.