This week, FedRAMP published two Q&As for Cloud Service Providers (CSPs):
Cloud Service Providers (CSPs)
Q: How can the CSP access the redline version of the New FedRAMP SSP template?
A: Please email info@fedramp.gov to request the redlined version of the New SSP templates. We will send you a zip file with all of the SSPs (including the LI-SaaS Appendix B). There are many formatting changes and other minor corrections, but the major changes are as follows:
1) Alignment with NIST 800-63-3 Digital Identity Requirements (Section 2.3, IA-5, Attachment 3)
2) Updated reference to boundary guidance document (Section 9.2)
3) Updated vulnerability remediation requirements (RA-5)
Cloud Service Providers (CSPs)
Q: Is a CSP required to submit a Significant Change Request for combining or consolidating an already approved Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)?
A: A significant change request is required to consolidate systems, even if both are already authorized. Please complete our Significant Change Form Template found on the FedRAMP Templates Page.