An important aspect of a CSP’s continuous monitoring program is to provide evidence that demonstrates the efficacy of the program. After the FedRAMP Provisional Authorization is granted, evidentiary information is provided to FedRAMP and consuming agencies at various intervals in the form of artifacts. The submission of these deliverables and artifacts allows FedRAMP and agency authorizing officials to evaluate the risk posture of the CSP’s service offering. Key deliverables are required at the time of annual Self-Attestation. FedRAMP provides a separate Self-Attestation template, which CSPs must submit annually, one year from the date of the Provisional Authorization and each year thereafter.
We can help design, build, test and roll out a Continuous Monitoring Program to comply with FedRAMP requirements, which includes assistance with the solution and configuration of Vulnerability and Configuration Assessment or Scanning tools.
The full list of our services in this area is:
- Assistance with Implementation of a Continuous Monitoring Program
- Documentation related to significant changes or updates to the system description and security controls, based on changes to the accreditation boundary, for the annual assessment
- Assistance with Remediation Efforts
- Assessment of changes to accreditation scope
- Ongoing security status reporting