Acquisition

FedRAMP issues new continuous monitoring guidance and requirements

FedRAMP issued new documents detailing the requirements needed for automated scanning.

March 21, 2018

(Getty Images)

The Federal Risk and Authorization Management Program (FedRAMP) issued three new documents Tuesday outlining continuous monitoring guidance and requirements for cloud service providers.

The new documents include a draft version of the “Automated Vulnerability Risk Adjustment Framework Guidance,” the “Guide for Determining Eligibility and Requirements for the Use of Sampling for Vulnerability Scans” and another on “Vulnerability Scanning Requirements.”

FedRAMP officials have emphasized reducing the compliance costs of continuous monitoring requirements for providers offering cloud services to federal agencies and began in January slowly rolling out new documents to address the changes.

The new documents provide guidance for using automated tools based on the Common Vulnerability Scoring System and how CSPs can “scan representative samples of system components instead of the entire system,” as well as other vulnerability scanning requirements.

CSPs will have six months to apply the new guidance for the sampling of vulnerability scans, while FedRAMP officials said they would pilot the draft “Automated Vulnerability Risk Adjustment Framework Guidance” over the course of the year before issuing a final version.

FedRAMP issues new continuous monitoring guidance and requirements

More Like This

GSA chief advocates for simplified cloud buying, ‘best value’ contracting as Congress considers legislation

VA seeks information on AI governance framework

FedRAMP’s new director has big plans for the cloud compliance program

Top Stories

EPA CIO Vaughn Noga details slew of new modernization efforts underway

Federal data, security leaders release zero-trust guide ahead of White House deadline

OpenAI further expands its generative AI work with the federal government

USAID updated policy to allow use of Signal, Telegram in some circumstances

Federal CIO: The TMF has been vital to government’s improved cybersecurity stature

Commerce looking to publish AI-ready data guidance in coming months

How federal IT officials are navigating the post-AI executive order ‘hype cycle’

More Scoops

FITARA scorecard sees sweeping improvements, as agencies look ahead to FedRAMP, AI hiring

Federal CIO highlights budgetary restrictions, need for trust following FedRAMP memo

GSA taps TMF, USDS alum as new FedRAMP director

GAO wants OMB to prioritize agencies’ FedRAMP use, modernization and more

Microsoft’s Azure OpenAI Service lands FedRAMP High authorization

New guidance aims to make FedRAMP ‘a security-first program,’ OMB official says

Prioritizing agency needs is next step for officials behind new FedRAMP memo

Latest Podcasts

The Biden administration releases a new zero-trust data guide; How the GSA is working to teach federal employees about AI prompt engineering

How CMS is approaching AI adoption with CDSO Andrea Fletcher

What AI means for public sector training and upskilling

What’s at stake in the AI national security memo; the DOD braces to modernize defenses against quantum hacking

Tech

Defense

Cyber

FedScoop TV