System Se Articles

FedRAMP Weekly Tips – March 21, 2018

This week, FedRAMP published two Q&A’s for Cloud Service Providers(CSPs): Cloud Service Providers (CSPs) Q: When completing the Security Assessment Report (SAR), is it appropriate to assign the same values to tables F-1 and F-2 for the initial assessment? What about assigning the same values to ES-1, F-1, and F-2 for the annual assessment if there...

FedRAMP Weekly Tips & Cues -March 14, 2018

This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: Are there any alternative formats available to help facilitate reviews? Sometimes scan files are in a format that does not allow reviewers to do their analysis with common tools. A: For the Security Assessment Report (SAR), always provide scan...

FedRAMP Weekly Tips & Cues -March 7, 2018

This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: I received a request from a Federal Agency to review my system’s Provisional Authorization to Operate (P-ATO) letter, and I am concerned that sharing the letter will violate sensitivity policies. Is it appropriate to share an authorization letter...

FedRAMP Weekly Tips & Cues -February 28, 2018

This week, FedRAMP published two questions and answers for Cloud Service Providers (CSPs): Cloud Service Providers (CSPs) Q: In the updated Continuous Monitoring Strategy Guide, I noticed there is now a defined “due date” for low vulnerabilities. Does my service offering have to implement that immediately? A: The FedRAMP Continuous Monitoring Strategy Guide now requires low vulnerabilities to be remediated/mitigated...