Yes, a FedRAMP recognized third party assessment organization (3PAO) must perform an announced penetration test as part of the assessment/testing process for Moderate and High systems. For more information, please refer to the FedRAMP Penetration Test Guidance [PDF - 984KB].
Comments
0 comments
Please sign in to leave a comment.