A2LA offers accreditation of cybersecurity organizations to instill confidence in the quality of independent assessment services for various compliance regimes.
The Cybersecurity Inspection Body Program was created to provide added trust and assurance in the quality of assessments performed by our accredited organizations. A2LA’s third-party accreditation offers an independent review of an organization’s compliance with ISO/IEC 17020 (Requirements for the operation of various types of bodies performing inspections) as well as its competence in the technical program requirements for the desired scope of accreditation (e.g., SOC II, HIPAA/HITECH, PCI).
Organizations accredited under this program will be known as Independent Assessment Organizations (IAOs). Accreditation as an IAO functions as the initial step to becoming a FedRAMP 3PAO. IAOs must hold a Cybersecurity Inspection Body Program Accreditation for a minimum period of 1 year before being considered for FedRAMP 3PAO status. For more information, visit the FedRAMP 3PAO program page.
Please note that A2LA accreditation to the requirements of a given inspection scheme is not meant to replace an existing approval process through the scheme owner.
This specialty program is covered under the A2LA Inspection Body Accreditation Program.
- ISO/IEC 17020 Requirements for the Operation of Various Types of Bodies Performing Inspection
- ILAC P15 – Application of ISO/IEC 17020 for the Accreditation of Inspection Bodies
- R335 – Specific Requirements: Cybersecurity Inspection Body Program