The Federal Risk and Authorization Management Program launched a request for comment on a draft guide on the requirements for conducting and reporting on FedRAMP penetration tests.

The guidance aims to better assist organizations in dealing with potential vulnerabilities in their IT infrastructure, FedRAMP announced Monday.

Depending on public feedback, the updated FedRAMP Penetration Test Guidance may include additional threat and attack vectors and their potential applications.

The new draft also includes the fifth revision of a special publication of the National Institute of Standards and Technology, which focuses on penetration testing, security assessment and red team exercises for all FedRAMP High- and Moderate-level IT products.

The public comment period will end on April 24.

