Authorizations
- What is the process for handling false positives found during an initial or annual assessment when the security assessment report (SAR) is closed but has not yet been approved by the partnering agency?
- Is a penetration test required for FedRAMP authorization?
- If a Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) resides on a FedRAMP Authorized Infrastructure-as-a-Service (IaaS), does that mean it is also FedRAMP Authorized?
