The Federal Risk and Authorization Management Program (FedRAMP) has released an updated version of its guidance for organizations planning to conduct a penetration test.
FedRAMP said Tuesday the updated Penetration Testing Guidance includes revisions to requirements for addressing emerging threats and attack vectors to reflect current best practices.
The document was revised based on input from third-party assessment organizations (3PAOs) and penetration testing subject matter experts, and on feedback from a Joint Authorization Board (JAB) member with a Certified Ethical Hacker certification.
FedRAMP also conducted two technical exchange meetings with 3PAOs and JAB Technical Reviewer-recommended subject matter experts.
The guidance is designed for cloud service providers that look to perform a penetration test on their cloud system, 3PAOs that report on FedRAMP penetration testing activities and assessment organizations that develop and evaluate penetration test plans.