BCR Cyber is the exclusive provider of technical proficiency testing of third party assessment organizations (3PAOs) under the American Association for Laboratory Accreditation (A2LA) program requirements in partnership with the Federal Risk and Authorization Management Program (FedRAMP). The BCR Cyber Cybersecurity Technical Proficiency Activity is a real-time assessment of a simulated cloud environment. The purpose of the evaluation is to allow 3PAO’s to demonstrate a level of technical proficiency/knowledge.

Participating teams are provided four hours to review an abbreviated system security plan and assess a subset of 20 security controls for system implementation and configuration non-compliance issues using the examine, test, and interview assessment methods. At the conclusion of the activity, teams must document their analysis and risk recommendation in an abbreviated security assessment report and risk exposure table.

BCR Cyber has successfully developed the capability to conduct remote and decentralized assessments for 3PAO assessor teams. This approach ensures flexibility and convenience while maintaining the integrity and effectiveness of the evaluation process.