BCR Cyber is the exclusive provider of technical proficiency testing of third party assessment organizations (3PAOs) under the A2LA Program Requirements in partnership with the Federal Risk and Authorization Management Program (FedRAMP). The BCR Cyber (BCR) Cybersecurity Technical Proficiency Activity is a real-time assessment of a simulated cloud environment. The purpose of the evaluation is to allow 2PAO’s to demonstrate a level of technical proficiency/knowledge.

Participating teams are provided four hours to review an abbreviated system security plan and assess a subset of 20 security controls for system implementation and configuration non-compliance issues using the examine, test, and interview assessment methods. At the conclusion of the activity, teams must document their analysis and risk recommendation in an abbreviated security assessment report and risk exposure table.

BCR Cyber has developed the capability to assess 3PAO assessor teams in a remote and decentralized format.