The Inner Circle

FedRAMP would like your feedback on Vulnerability Scanning Requirements for the Deployment and Use of Containers (DRAFT).


    Posted 17 days ago
    Hi All,

    Sorry for the short notice.

    Technology changes rapidly and Cloud Service Providers (CSPs) continue to evolve in order to improve and adapt to customer needs. Some technology changes affect how continuous monitoring is performed. In response to requests from industry and to bridge the vulnerability scanning compliance gaps between traditional cloud systems and containerized cloud systems, FedRAMP developed the Vulnerability Scanning Requirements for the Deployment and Use of Containers (DRAFT) document.

    This document addresses FedRAMP compliance pertaining to the processes, architecture, and security considerations specific to vulnerability scanning for cloud systems using container technology. The requirements described in this document are part of the FedRAMP Continuous Monitoring Strategy Guide and FedRAMP Vulnerability Scanning Requirements. The vulnerability scanning requirements for containerized systems serve to supplement and update existing requirements defined in those documents.

    FedRAMP and the JAB would like your feedback on this document before the final version is published. Please submit your comments to info@fedramp.gov by September 11, 2020.

    The document is attached, along with the two related documents.

    ------------------------------
    Michael Roza CPA, CISA, CIA
    ------------------------------