What is the primary role of a Third-Party Assessment Organization (3PAO) in the FedRAMP authorization process?
-
A
To independently test and evaluate a CSP's security controls and produce a Security Assessment Report
-
B
To grant the Authorization to Operate to the cloud service provider
-
C
To develop the System Security Plan on behalf of the CSP
-
D
To monitor the CSP's compliance after authorization is granted