The Federal Risk and Authorization Management Program has released new documents and updated existing guides in an effort to streamline, clarify and optimize its continuous monitoring processes.
FedRAMP said Wednesday the new and updated documents integrate feedback from cloud service providers and Joint Authorization Board review teams.
The documents are intended to clarify certain elements of the continuous monitoring program; address parts of the process that were previously undocumented; and establish structure in aspects of the process that CSPs and JAB reviewers interpret differently.
FedRAMP updated the Continuous Monitoring Performance Management Guide; Vulnerability Deviation Request Form; Plan of Action and Milestones Template Completion Guide; POA&M Template; Significant Change Form and the Continuous Monitoring Strategy & Guide.
The program also published the Digital Identity Requirements document to guide companies on digital identity capabilities needed to achieve and maintain a FedRAMP-compliant security authorization.
Other new guidances include the Transport Layer Security Requirements and the FedRAMP Continuous Monitoring Monthly Executive Summary.
FedRAMP will also release two new documents that will address vulnerability scanning later this year.