FedRAMP Presents Requirements for Annual CSP Assessments

The Federal Risk and Authorization Management Program has laid out requirements for cloud service providers and third-party assessment organizations with regard to completing annual assessments.

FedRAMP said Wednesday it requires CSPs to submit an assessment package that consists of a system security plan, an annual incident response plan test report, an annual contingency plan test report and plan-of-action milestones.

On the other hand, 3PAOs need to submit a security assessment plan and a security assessment report, as well as related artifacts including raw vulnerability scan results.

These requirements are meant to guide CSPs as their offerings undergo annual security assessments per security control.