3PAO Articles

FedRAMP Weekly Tips – August 17 2017

This week, FedRAMP published questions and answers that discuss FedRAMP documents, and points of contact: Q: What information does the FedRAMP PMO require for Contingency Plans and Incident Response Plans, and for testing them? A: You must use the Contingency Plan template from the Templates section of the FedRAMP website, at https://www.fedramp.gov/resources/templates-2016/. In Section 6,...

FedRAMP Weekly Tips – July 20 2017

This week, FedRAMP published two tips that discuss Cloud Service Offering Assessments and the requirements for a security assessment report and readiness assessment report: TIP: What does a typical Third Party Assessment Organization (3PAO) Team performing a Cloud Service Offering (CSO) assessment look like according to FedRAMP? FedRAMP requires that all assessments must be staffed by an...

FedRAMP Weekly Tips – July 13 2017

This week, FedRAMP published a weekly tip that discusses requirements for vulnerability scanning: Q: What are the FedRAMP requirements for vulnerability scanning? A: Vulnerability scanning must occur for Operating System (OS)/ infrastructure, databases, and web application components in the Cloud Service offering authorization boundary. The scanning parameters for the components must be defined in the Security...