FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents
OCONUS Cloud Strategy

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process.

The updated FedRAMP Incident Communications Procedures document includes a response to the Cybersecurity and Infrastructure Security Agency’s (CISA) Emergency Directives and the appropriate timeframes for reporting information regarding security incidents, according to a blog post published Thursday.

Cloud service providers (CSPs) must report data security incidents to customers who are impacted, U.S.-Computer Emergency Readiness Team (CERT) and FedRAMP points of contact within one hour of being identified by the information technology department or computer security incident response team.

CSPs should maintain current contact information of FedRAMP POCs, include the required data elements when reporting to US-CERT and collaborate with the program’s POCs when using automated mechanisms for incident reporting. The provider is responsible for managing the recovery phase of the incident response life cycle and providing a post-incident activity report to their FedRAMP POCs.

“Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

The guidance document also outlines the actions the Joint Authorization Board reviewers must take upon receipt of notification from a cloud provider. 

Defense Cybersecurity ForumTo register for this virtual forum, visit the GovConWire Events page.

You may also be interested in...

Frank Kendall

Air Force Secretary Frank Kendall Vows to Focus on Mission Fulfillment

Frank Kendall, a former acquisition chief at the Department of Defense (DOD) and a three-time Wash100 Award winner, was sworn in Wednesday as secretary of the Air Force. "I will be totally focused on ensuring that our Air and Space Forces can fulfill their missions to defend the nation against our most challenging threats, today and into the future,” the 26th SecAF said.