System Se Articles

FedRAMP Weekly Tips & Cues – September 5, 2018

This week, FedRAMP published two Tips for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: Submitting an Operational Requirement Deviation Request (DR) is typically acceptable when updating the host would break FIPS compliance. However, it is critical that CSPs continuously re-evaluate FIPS certification to determine when updates become FIPS compliant. Consequently, the Operational Requirements would no...

FedRAMP Weekly Tips & Cues – July 25, 2018

This week, FedRAMP published two tips for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: To access the document that lists all of the cryptographic modules that have been submitted for evaluation and are currently in process, please visit: http://csrc.nist.gov/groups/STM/cmvp/inprocess.html The title of the document is “Cryptographic Module Validation Program FIPS 140-2 Modules In Process List”...

FedRAMP Weekly Tips & Cues – July 18, 2018

This week, FedRAMP published two tips for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: In Table 4-1 of the SAR, please ensure that the columns “Risk Statement” and “Mitigating Controls/Factors” contain the following information: Risk Statement: Provide a risk statement that describes the risk to the business. Indicate whether the affected host(s) is/are internally or...

FedRAMP Weekly Tips & Cues – July 11, 2018

This week, FedRAMP published two Q&As for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: For my JAB P-ATO package, who should I list as the FedRAMP POC in my SSP and other package documents? A: For the SSP main document (excluding operational documents) the FedRAMP POC should be info@fedramp.gov. For procedural docs that include interaction around...

FedRAMP Weekly Tips & Cues – June 27, 2018

This week, FedRAMP published two Tips for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) TIP: TLS version 1.1, or higher, must be fully implemented for both public-facing and internal interfaces by July 1, 2018, in accordance with the FedRAMP Transport Layer Security (TLS) Requirements. Control documentation should contain sufficient detail to describe TLS implementation for both public-facing and...