Azure FedRAMP Compliance Articles

FedRAMP Weekly Tips & Cues – January 17, 2018

This week, FedRAMP published two questions and answers for Cloud Service Providers ( CSPs): Cloud Service Providers (CSPs) Q: What is the relationship between continuous monitoring and continuous diagnostics & mitigation (CDM) and ongoing authorization? A: The FedRAMP and CDM monitoring requirements are both based on NIST Special Publication 800-137 guidance for implementing an Information Security Continuous...

FedRAMP Weekly Tips- December 14, 2017

This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assessment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: How should a CSP address platform scope within the System Security Plan (SSP)? A: There are multiple platforms/platform groups in a system as identified by the inventory. A platform has...

FedRAMP Weekly Tips- December 7, 2017

This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: I referenced a document in my System Security Plan (SSP), but did not provide the referenced document because it contains proprietary or sensitive information. How will this affect my...

FedRAMP Weekly Tips- November 30, 2017

This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: What are the roles and responsibilities of the third party assessment organization (3PAO) and the cloud service provider (CSP) during the assessment? A: While FedRAMP certifies 3PAOs to perform security...

FedRAMP Weekly Tips- November 23, 2017

This week, FedRAMP published two questions and answers. One for Cloud Service Providers (CSPs) and one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: How do policies and procedures differ from the System Security Plan (SSP)? A: Policies and procedures are a critical supplement to the SSP and are required by the first control...

FedRAMP Weekly Tips- November 9, 2017

This week, FedRAMP published  two questions and answers. One for  Cloud Service Providers (CSPs) and  one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: Why is it important to maintain consistency between the security control implementation statements and the technical diagrams in the System Security Plan (SSP)? A: The security control implementation statements...