This week, FedRAMP published two Tips for Cloud Service Providers(CSPs):
Cloud Service Providers (CSPs)
TIP: Using a graphic to depict a security authorization boundary is crucial for an assessor to fully understand the security enclave that is being addressed by the CSP.
The Boundary Diagram is essential in that it provides a depiction and understanding of the components managed within the boundary as well as systems that are leveraged external to the boundary (such as the hosting IaaS) and interconnections. Further guidance on preparing the Boundary Diagram can be found on our Documents page in a document titled “FedRAMP Authorization Boundary Guidance.”
Cloud Service Providers (CSPs)
Q: The new Vulnerability Deviation Request Form has changed from a PDF to Excel format. Can we add all Deviation Requests (DRs) to one spreadsheet, or do we have to submit a new spreadsheet for each DR?
A: You can add all DRs to one spreadsheet so each row on the excel file can be a new DR.
More Information
Read more about this week’s FedRAMP’s Tips and cues here