...
Under the FedRAMP program, IBM is required to implement, document, and independently assess the controls prior to receiving an authorization to operate. Ongoing operations, security testing, remediation, and updated documentation are all required to be performed as documented in the System Security Plan. Significant changes to the FedRAMP environment require documentation and assessment as they are implemented. Annually, the IBM program is assessed by the 3PAO with a partial audit of areas of concern or of priorities established by the FedRAMP PMO.
Please see FedRAMP Service Descriptions link below. The offerings on this page are titled:
IBM Maximo EAM for U.S. Federal SaaS Flex
IBM Facilities and Real Estate Management on Cloud for US Federal (TRIRIGA)
https://www-03.ibm.com/software/sla/sladb.nsf/sla/usg