This week, FedRAMP published one Q&A and one Tip for Cloud Service Providers(CSPs):
Cloud Service Providers (CSPs)
Question: Does a CSP need to submit an Significant Change Request (SCR) for a system name change?
Answer: CSPs are not required to submit an SCR for a system name change. However, CSPs are required to notify the FedRAMP PMO and the JAB of their intended name change. CSPs must also notify the PMO of any new logos, contact information, website address, system description, etc.
Cloud Service Providers (CSPs)
TIP: RA-5 Vulnerability Scanning for PaaS CSPs and Customers is a shared responsibility.
CSPs are responsible for scanning the PaaS infrastructure and the support systems used to provide services to their customers. The PaaS customers are responsible for data and application configurations running within their subscribed spaces. It is also their responsibility to ensure that those configurations do not introduce risks to their environments by running their own scans.
Read more about this week’s FedRAMP’s Tip and cues here