Comment by jcrawfordor

From my background with FedRAMP, a firm's involvement in FedRAMP assessments does not improve my confidence in them. :)

That said, yes, Coalfire is large enough and old enough that I would be very surprised if they made such a mistake - but I still think it's quite possible. Consider that such an established firm would also be absolutely expected to coordinate this kind of testing with the PD beforehand - a blind test of a PD's response on a contract with another agency of the state government is something I have never heard of before and raises huge concerns for personal safety and taxpayer expense. I would consider Coalfire to also be extremely irresponsible for knowingly entering such a situation.