This week, FedRAMP published two Tips for Cloud Service Providers (CSPs):
Cloud Service Providers (CSPs)
TIP: When possible, upload embedded documents as System Security Plan (SSP) attachments as an additional method for document retrieval.
This is helpful when embedded links are broken. For example, if a document is converted to PDF, embedded documents will no longer be accessible.
Cloud Service Providers (CSPs)
TIP: ALL non-scan findings need to be addressed in the Plan of Action & Milestones (POA&M).
However, all scan findings, including those found in the Security Assessment Report (SAR) scans, only need to be converted over to the monthly POA&M when late, unless they are related to a Deviation Request (DR).
More Information
Read more about this week's FedRAMP Tips and Cues here