FedRAMP and Penetration Testing Guidance Updates in 2024

Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements.

The new guidance addresses new attack vectors targeting subsystems in IT infrastructure. 

Here, we’ll cover this newest draft about new guidance standards for FedRAMP penetration testing.



The New FedRAMP Marketplace


On February 20th, the FedRAMP PMO announced the release of the newest design for the FedRAMP Marketplace. While this news doesn’t necessarily shake the foundations of government compliance, the Marketplace is an essential resource for agencies looking for a trustworthy source of information regarding cloud providers.

In this article, we’ll break down what kind of information you can find in the new Marketplace and highlight why this resource is so vital for the health and performance of the program.



What Is A Vulnerability Deviation Request in StateRAMP Authorization?


When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) is relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process, even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.

