The Federal Risk and Authorization Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers.
Third-party assessment organizations or 3PAOs may be allowed to remotely conduct security testing of data centers for annual and initial assessment authorizations in accordance with the COVID-19 pandemic safety guidelines issued by the Centers for Disease Control and Prevention, according to a FedRAMP blog post published Tuesday.
FedRAMP calls on 3PAOs to refer to local or state health agencies for updates with regard to travel, stay-at-home orders, testing and quarantine requirements and seek permission from the authorizing official and outline their request prior to conducting remote assessments.
“All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing,” the blog post states.
