| | | | | |
---|---|---|---|---|
03/20/2018 | | | | FedRAMP PMO |
07/14/2022 | | All | | FedRAMP PMO |
02/15/2024 | | All | | FedRAMP PMO |

This document has been developed to provide guidance on vulnerability scanning policy, procedures, and tools in support of achieving and maintaining a security authorization that meets the Federal Risk and Authorization Management Program (FedRAMP) requirements.
Some cloud service providers (CSPs) may need to transition from their current vulnerability scanners or work with their vendors in order to meet the requirements.
This document is not a FedRAMP template – there is nothing to fill out in this document.
This document uses the term authorizing official (AO). For systems with a Joint Authorization Board (JAB) provisional authorization to operate (P-ATO), AO refers primarily to the JAB unless this document explicitly says agency AO. For systems with a FedRAMP Agency Authorization to Operate (ATO), AO refers to each leveraging agency’s AO.
This document is intended to be used by CSPs, third party assessment organizations (3PAOs), government contractors working on FedRAMP projects, and government employees working on FedRAMP projects.
Questions about FedRAMP or this document should be directed to info@fedramp.gov. For more information about FedRAMP, visit the website at http://www.fedramp.gov.