3PAO Assessor Portal
This portal hands off the System Security Plan, POA&M, FIPS 140 module sheets, audit log samples, and network diagrams to a named 3PAO for FedRAMP assessment. Evidence access is gated and fully audit-logged so the chain of custody is preserved.
How the handoff works
Assessors initiate engagement by email and Pyrenth provisions a time-boxed assessor session through Better Auth magic-link. The gated portal serves the SSP, POA&M, control matrix, subprocessor list, and OSCAL evidence search, and every artifact access is logged via auditLogger so the SAR reflects exact retrieval times.
Step 1. Engagement
Submit your work email, 3PAO accreditation, and ATO engagement reference through the request form. Pyrenth confirms within one business day and issues a single-use magic link scoped to the evidence portal.
Request an assessor sessionPrefer email? Reach assessor@pyrenth.app with the engagement letter, 3PAO accreditation, and named assessor roster.
Step 2. Assessor session
Pyrenth issues a Better Auth magic-link session scoped to the evidence portal. Sessions expire after the engagement window closes. Every access is logged.
Step 3. Evidence retrieval
Assessors retrieve the SSP, POA&M, audit samples, FIPS 140 module sheets, KMS rotation evidence, and network diagrams from the gated portal. Pyrenth supplies live runtime probe output on request.
Step 4. SAR review
Pyrenth reviews the Security Assessment Report and tracks remediation through the POA&M cadence already established in the runtime probe stream.
Public Trust Center
The public-facing scorecard with framework summaries and the live PASS/FAIL/NA matrix is at /trust. The public surface never exposes PHI or raw evidence.