- FedRAMP will continue to provide automated monthly summaries of CSO risk posture for cloud services authorized by the JAB to agencies until all authorization packages can be transitioned to centralized continuous monitoring.
- FedRAMP is also preparing continuous monitoring designation letters to clearly identify lead agency/ies for each cloud service provider.
- For cloud service providers that are initially transitioned to a program authorization, we will begin inviting agency customers to monthly continuous monitoring briefings to be briefed on risk status for these systems, to both encourage and facilitate collaborative continuous monitoring and to identify the appropriate designated lead agencies for these systems. During the meetings agency customers will be able to ask questions about cloud service provider risk posture in the same way the JAB operated.
Comments
0 comments
Please sign in to leave a comment.