CSPs will document all operational requirements and false positives from configuration checks the same way that they do vulnerabilities identified from automated scanning tools. Please consult the FedRAMP POA&M Template Completion Guide for further guidance. Not applicable and alternative implementations for configuration settings should be discussed with your agency AO to determine the appropriate course of action.
Comments
0 comments
Please sign in to leave a comment.