This week, FedRAMP published two Tips for Cloud Service Providers(CSPs):
Cloud Service Providers (CSPs)
TIP: When submitting final documents, please also provide extracted versions of embedded documents.
This will facilitate the preparation of the final package for customer review.
Cloud Service Providers (CSPs)
TIP: In the System Security Plan (SSP), control CA-3 (3) “CA-3, Control Enhancement 3” should be implemented.
TIC compliant architectures are required through the FedRAMP security controls baseline. TIC compliance is a hybrid responsibility — CSPs must have an architecture that supports TIC, and Agencies must enforce TIC routing and compliance.
More Information
Read more about this week’s FedRAMP’s Tip and cues here
