FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments.

FedRAMP said Tuesday that the Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting.

The requirements are applicable to systems implementing containerization concepts including security sensors, hardened images, registry monitoring, asset management and orchestration.

According to the document, the guidelines are meant to address risks to containerization technology such as nonstandard configurations, unvalidated external software, unauthorized access, unmanaged repositories and unmonitored communications between containers.

The guide also serves as a supplement for scanning requirements detailed in the FedRAMP Continuous Monitoring Strategy Guide.
