FedRAMP Issues New Documents, Updates to Optimize Continuous Monitoring Process

The Federal Risk and Authorization Management Program has released new documents and updated existing guides in an effort to streamline, clarify and optimize its continuous monitoring processes.

FedRAMP said Wednesday the new and updated documents integrate feedback from cloud service providers and Joint Authorization Board review teams.

The documents are intended to clarify certain elements of the continuous monitoring program; address parts of the process that were previously undocumented; and establish structure in aspects of the process that CSPs and JAB reviewers interpret differently.

FedRAMP updated the Continuous Monitoring Performance Management Guide; Vulnerability Deviation Request Form; Plan of Action and Milestones Template Completion Guide; POA&M Template; Significant Change Form; and the Continuous Monitoring Strategy & Guide.

The program also published the Digital Identity Requirements document to guide companies on digital identity capabilities needed to achieve and maintain a FedRAMP-compliant security authorization.

Other new guidance documents include the Transport Layer Security Requirements and the FedRAMP Continuous Monitoring Monthly Executive Summary.

FedRAMP will also release two new documents that will address vulnerability scanning later this year.
