Blog
This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: The effort and/or costs are too great to remediate a vulnerability within the required time period. Is it acceptable to submit a risk adjustment in this situation? A: Generally, level of effort and/or cost of implementing a remediation...
This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: What is the relationship between continuous monitoring and continuous diagnostics & mitigation (CDM) and ongoing authorization? A: The FedRAMP and CDM monitoring requirements are both based on NIST Special Publication 800-137 guidance for implementing an Information Security Continuous Monitoring...
This week, FedRAMP published two tips for Cloud Service Providers ( CSPs): Cloud Service Providers (CSPs) TIP: CSPs must address every vulnerability they submit as part of their continuous monitoring data. There are a few different options for managing those vulnerabilities. 1. Remediate the finding within the required timeframe. This should be the default approach...
This week, FedRAMP published two question and answers for Cloud Service Providers ( CSPs): Cloud Service Providers (CSPs) Q: What is the purpose of an Information System Contingency Plan (ISCP)? A: Each CSP must develop and maintain contingency plans to address operational disruptions. The contingency plan (and test results) provides management with an evaluation of the...