FedRAMP Issues 3 New Documents on Continuous Monitoring Process

The Federal Risk and Authorization Management Program has released three new documents to clarify its process for continuously monitoring FedRAMP-authorized cloud service providers.

FedRAMP said Tuesday the new continuous monitoring documents include a draft of the “Automated Vulnerability Risk Adjustment Framework Guidance,” which is intended to help CSPs build and deploy an automated vulnerability risk adjustment tool for weaknesses detected by vulnerability scanners.

The draft guide is meant to support CSPs’ efforts to maintain or boost security as well as lessen the level of effort for scanner-related risk reductions.

FedRAMP also responded to requests from cloud companies that want to scan samples of system components rather than the entire system with a document titled “Guide for Determining Eligibility and Requirements for the Use of Sampling for Vulnerability Scans.”

CSPs can use the document as a guide on evaluating representative system components rather than scanning all components.

The third document, titled “Vulnerability Scanning Requirements,” provides a known vulnerability severity scoring framework that supports the creation and use of an automated, Common Vulnerability Scoring System-based risk adjustment tool for vulnerabilities identified by vulnerability scanning systems.

The new documents add to a set of guides that FedRAMP issued on Jan. 31 to streamline and optimize the continuous monitoring process.
