Blog
This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) TIP: A CSP is required to submit a Significant Change Request (SCR) when they intend to change their vulnerability scan tool. While the requirement for notification is a minimum of 30 days before implementing a significant change, in order to allow enough time...
This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) TIP: When possible, upload embedded documents as System Security Plan (SSP) attachments as an additional method for document retrieval. This is helpful for when embedded links are broken. For example, if a document is converted to PDF, embedded documents will no...
This week, FedRAMP published one Tip for Federal Agencies and one Tip for Cloud Service Providers(CSPs): Federal Agencies TIP: For a Cloud Service Offering (CSO) that is a combination of one authorization leveraging another (e.g. a SaaS leveraging a IaaS), Agency customers should assess the combined risk of the two systems Authorizing Officials should make...
This week, FedRAMP published two Tips for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) Tip: Boundaries for FedRAMP Cloud Service Offerings (CSOs) must have established demarcation points. This means that entry and exit points must be limited, centralized, and well controlled and applies even for a Platform as a Service (PaaS). Cloud Service Providers (CSPs)...
This week, FedRAMP published two Q&A’s for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) Q: When is the distinction between an Operational Requirement (OR) and a Vendor Dependency (VD)? A: An OR is a weakness that has a fix available but the fix cannot be applied without impacting the full operation of the system. A VD...