June 2017 Articles

FedRAMP Weekly Tips – June 29 2017

This week, FedRAMP published a weekly tip that discusses POA&Ms and testing evidence timeliness. Q: What purpose does the Plan of Action & Milestones (POA&M) document serve? A: The purpose of the POA&M is to facilitate a disciplined and structured approach to mitigating risks in accordance with the CSP’s risk mitigation strategy. The POA&Ms include...

FedRAMP Weekly Tips – June 22 2017

This week, FedRAMP published a weekly tip that discusses CSP transfers of ownership and ISSO assignments for a JAB P-ATO: Q: Is there an established process for what is supposed to occur when ownership of an authorized service transfers from one Cloud Service Provider (CSP) to another? A: If there were NO changes to the...

FedRAMP Weekly Tips – June 15 2017

This week, FedRAMP published a weekly tip that addresses Incident Response Plans and Security Assessment Reports: Q: Does FedRAMP provide a template for an Incident Response Plan? A: Security Control IR-8 requires CSPs to develop an Incident Response Plan (IRP). The IRP is a required document within security authorization packages. FedRAMP does not provide a...

FedRAMP Weekly Tips – June 8 2017

This week, FedRAMP published a weekly tip that addresses applying for an Agency High Baseline Authorization and an RAR Federal Mandate that is often overlooked: Q: What are some frequently asked questions for CSPs who currently hold an Agency Authorization to Operate (ATO) at the Moderate level, but wish to apply for an Agency High...

FedRAMP Weekly Tips – June 1 2017

This week, FedRAMP published a weekly tip that addresses common mistakes made by Cloud Service Providers (CSPs). Q: What are some common mistakes that arise when addressing Control Implementation statements? A: There are several mistakes that CSPs encounter when drafting their Control Implementation statements. Some of those include: Customer Responsibility The customer specific responsibility should...