Blog
This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) TIP: If an optional feature in a CSP’s product affects the customer’s security responsibilities, these customer responsibilities need to be notated in the Customer Responsibility Matrix. In addition, the feature must be explicitly identified as being applicable for customers who purchase...
This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) TIP: The rationale for Risk Adjustment (RA) and Operational Requirement (OR) provided in deviation requests should be based exclusively on risk (e.g., description of the likelihood and/or impact if the vulnerability was exploited and why), not availability or priority of resources. For the...
This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) TIP: When submitting final documents, please also provide extracted versions of embedded documents. This will facilitate the preparation of the final package for customer review. Cloud Service Providers (CSPs) TIP: In the System Security Plan (SSP), control CA-3 (3) “CA-3, Control...