Blog
This week, FedRAMP published QA and a tip that discusses 3PAO templates and POA&Ms: Q: When does a 3PAO have to use a new FedRAMP template and why? A: The FedRAMP PMO office does not like to cause extra effort, but we do prefer that the latest templates be used where it makes sense and is feasible,...
This week, FedRAMP published two tips that discuss Cloud Service Offering Assessments and the requirements for a security assessment report and readiness assessment report: TIP: What does a typical Third Party Assessment Organization (3PAO) Team performing a Cloud Service Offering (CSO) assessment look like according to FedRAMP? FedRAMP requires that all assessments must be staffed by an...
This week, FedRAMP published a weekly tip that discusses requirements for vulnerability scanning: Q: What are the FedRAMP requirements for vulnerability scanning? A: Vulnerability scanning must occur for Operating System (OS)/ infrastructure, databases, and web application components in the Cloud Service offering authorization boundary. The scanning parameters for the components must be defined in the Security...