FedRAMP Presents Requirements for Annual CSP Assessments

1 min read

The Federal Risk and Authorization Management Program has laid out requirements for cloud service providers and third-party assessment organizations with regard to completing annual assessments.

FedRAMP said Wednesday it requires CSPs to submit an assessment package that consists of a system security plan, an annual incident response plan test report, an annual contingency plan test report and plan-of-action milestones.

On the other hand, 3PAOs need to submit a security assessment plan and a security assessment report, as well as related artifacts including raw vulnerability scan results.

These requirements are made to guide CSPs as their offerings undergo annual security assessments per security control.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about General News

The Ultimate Guide to Winning Government Contracts Let us show you how top executives are winning so you can replicate it