The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process.
The updated FedRAMP Incident Communications Procedures document includes a response to the Cybersecurity and Infrastructure Security Agency’s (CISA) Emergency Directives and the appropriate timeframes for reporting information regarding security incidents, according to a blog post published Thursday.
Cloud service providers (CSPs) must report data security incidents to impacted customers, the U.S. Computer Emergency Readiness Team (US-CERT) and FedRAMP points of contact (POCs) within one hour of the incident being identified by the information technology department or computer security incident response team.
CSPs should maintain current contact information of FedRAMP POCs, include the required data elements when reporting to US-CERT and collaborate with the program’s POCs when using automated mechanisms for incident reporting. The provider is responsible for managing the recovery phase of the incident response life cycle and providing a post-incident activity report to their FedRAMP POCs.
“Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.
The guidance document also outlines the actions the Joint Authorization Board reviewers must take upon receipt of notification from a cloud provider.