This week, FedRAMP published two Tips for Cloud Service Providers(CSPs):
Cloud Service Providers (CSPs)
TIP: If an optional feature in a CSP’s product affects the customer’s security responsibilities, these customer responsibilities need to be notated in the Customer Responsibility Matrix.
In addition, the feature must be explicitly identified as being applicable for customers who purchase the optional feature.
Cloud Service Providers (CSPs)
TIP: CSPs must submit a risk adjustment (RA) deviation request(DR) for any High impact vulnerabilities that are also vendor dependencies.
High impact vendor dependencies must be risk adjusted to at least a Moderate. Make sure to include any mitigation methods/compensating controls.
More Information
Read more about this week’s FedRAMP’s Tip and cues here
