FedRAMP Weekly Tips & Cues – August 22, 2018

This week, FedRAMP published two Tips for Cloud Service Providers(CSPs):

Cloud Service Providers (CSPs)

TIP: When possible, upload embedded documents as System Security Plan (SSP) attachments as an additional method for document retrieval.

This is helpful for when embedded links are broken. For example, if a document is converted to PDF, embedded documents will no longer be accessible.

Cloud Service Providers (CSPs)

TIP: ALL non-scan findings need to be addressed in the Plan of Action & Milestones.

However, all scan findings, including those found in the Security Assessment Report (SAR) scans only need to be converted over to the monthly POA&M when late, unless they are related to a Deviation Request (DR).

More Information

Read more about this week’s FedRAMP’s Tip and cues here

Free Chatbot Call-To-Action