This week, FedRAMP published two Tips for Cloud Service Providers(CSPs):
Cloud Service Providers (CSPs)
Tip: Boundaries for FedRAMP Cloud Service Offerings (CSOs) must have established demarcation points.
This means that entry and exit points must be limited, centralized, and well controlled and applies even for a Platform as a Service (PaaS).
Cloud Service Providers (CSPs)
Tip: Ensure that any FIPS 140-2 modules in use have an active, current, and valid certification.
Document FIPS 140-2 certification/validation numbers and dates in the SSP and ensure that the certification is relevant. It is also crucial that the modules remain active and unchanged during the initial P-ATO testing period.
More Information
Read more about this week’s FedRAMP’s Tip and cues here
