- FedRAMP does not require that former JAB authorized cloud service offerings only use other former JAB authorized cloud service offerings. However, CSOs that previously had a JAB provisional authorization should work with their newly designated lead agencies to make sure any new system changes leveraging FedRAMP authorized cloud offerings are approved by those designated lead agencies via the significant change request processes.
- In all cases, it is critical that CSOs maintain an up-to-date security package on the FedRAMP secure repository, and that it is clear whether these changes are “under review” or “approved.” If the significant change is reviewed and approved, the CSO must also update their FedRAMP documentation (e.g., impacted controls, boundary diagram, etc.) so that agency customers have transparency into these changes.
- FedRAMP plans to post proposed updated authorization boundary guidance for public comment; the guidance is intended to apply broadly to all FedRAMP authorizations.