FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments.

FedRAMP said Tuesday that the Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting.

The requirements are applicable to systems implementing containerization concepts including security sensors, hardened images, registry monitoring, asset management and orchestration.

According to the document, the guidelines are meant to address risks to containerization technology such as nonstandard configurations, unvalidated external software, unauthorized access, unmanaged repositories and unmonitored communications between containers.

The guide also serves as a supplement for scanning requirements detailed in the FedRAMP Continuous Monitoring Strategy Guide.