Acquisition

FedRAMP issues new continuous monitoring guidance and requirements

FedRAMP issued new documents detailing the requirements needed for automated scanning.

March 21, 2018

(Getty Images)

The Federal Risk and Authorization Management Program (FedRAMP) issued three new documents Tuesday outlining continuous monitoring guidance and requirements for cloud service providers.

The new documents include a draft version of the “Automated Vulnerability Risk Adjustment Framework Guidance,” the “Guide for Determining Eligibility and Requirements for the Use of Sampling for Vulnerability Scans” and another on “Vulnerability Scanning Requirements.”

FedRAMP officials have emphasized reducing the compliance costs of continuous monitoring requirements for providers offering cloud services to federal agencies and began in January slowly rolling out new documents to address the changes.

The new documents provide guidance for using automated tools based on the Common Vulnerability Scoring System and how CSPs can “scan representative samples of system components instead of the entire system,” as well as other vulnerability scanning requirements.

CSPs will have six months to apply the new guidance for the sampling of vulnerability scans, while FedRAMP officials said they would pilot the draft “Automated Vulnerability Risk Adjustment Framework Guidance” over the course of the year before issuing a final version.

FedRAMP issues new continuous monitoring guidance and requirements

More Like This

GAO wants agencies to update cloud computing guidance to manage restrictive licensing

GSA chief advocates for simplified cloud buying, ‘best value’ contracting as Congress considers legislation

Anthropic eyes FedRAMP accreditation in quest to sell more AI to government

Top Stories

National Archives CIO Sheena Burrell takes chief innovation role at FDIC

IRS’s AI voicebots and chatbots have room to grow, advisory panel says

State Department reveals new interagency task force on detecting AI-generated content

House bill to modernize government data, extend CDO Council moves out of committee

Anthropic model subject of first joint evaluation by US, UK AI Safety Institutes

Senators urge DHS to evaluate budding facial recognition ‘regime’ at airports

VA needs bigger budget to draw better cyber talent, CIO says

More Scoops

FedRAMP’s new director has big plans for the cloud compliance program

FITARA scorecard sees sweeping improvements, as agencies look ahead to FedRAMP, AI hiring

Federal CIO highlights budgetary restrictions, need for trust following FedRAMP memo

GSA taps TMF, USDS alum as new FedRAMP director

GAO wants OMB to prioritize agencies’ FedRAMP use, modernization and more

Microsoft’s Azure OpenAI Service lands FedRAMP High authorization

New guidance aims to make FedRAMP ‘a security-first program,’ OMB official says

Latest Podcasts

VA’s CIO calls for a bigger budget to draw better cyber talent; State Department reveals new interagency task force on detecting AI-generated content

The Pentagon reviews findings on major UAP reports in Senate hearing; a bipartisan House bill to modernize government data would extend the life of the CDO Council

A final interview with GSA’s Ann Lewis

The Federal CIO is focused on cyber, a smooth transition in months ahead; New tech announcements made on Defense Secretary Lloyd Austin’s trip to the Indo-Pacific

Tech

Defense

Cyber

FedScoop TV