
Penetration Test Guidance Public Comment Period | FedRAMP.gov

<!doctype html> <html lang="en"> <head> <!-- Document head: analytics bootstrap, social-card metadata, stylesheets, icons, and canonical/feed links for this FedRAMP blog post. --> <!-- Google Tag Manager: inline bootstrap that creates an async script element for gtm.js (container id GTM-TT3D6BG) and inserts it before the first script element on the page. NOTE(review): because it is inline, a Content-Security-Policy that omits 'unsafe-inline' needs a nonce or hash for it; the fetched gtm.js executes in this page's origin. --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-TT3D6BG');</script> <!-- End Google Tag Manager --> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Penetration Test Guidance Public Comment Period | FedRAMP.gov</title> <meta name="keywords" content=""/> <meta property="og:type" content="website"> <meta property="og:title" content="Penetration Test Guidance Public Comment Period | FedRAMP.gov" /> <meta name="twitter:title" content="Penetration Test Guidance Public Comment Period | FedRAMP.gov"> <meta property="og:url" content="https://www.fedramp.gov/2024-03-04-penetration-test-guidance-public-comment-period/"> <meta name="twitter:card" content="summary_large_image"> <meta property="og:image" content="https://www.fedramp.gov/assets/img/blog-images/2024-02-29-penetration-test-guidance-public-comment-period.png"> <meta name="twitter:image" content="https://www.fedramp.gov/assets/img/blog-images/2024-02-29-penetration-test-guidance-public-comment-period.png"> <meta property="og:description" content="FedRAMP is seeking feedback on the draft FedRAMP Penetration Test Guidance. The original guidance provides requirements for organizations planning to conduct..."> <meta name="twitter:description" content="FedRAMP is seeking feedback on the draft FedRAMP Penetration Test Guidance. 
The original guidance provides requirements for organizations planning to conduct..."> <link rel="stylesheet" href="/assets/vendor/uswds-2.8.0/css/uswds.css"> <link rel="stylesheet" href="/assets/css/main.css"> <link rel="shortcut icon" type="image/x-icon" href="/assets/img/favicons/favicon.ico" /> <link rel="apple-touch-icon" sizes="57x57" href="/assets/img/favicons/apple-icon-57x57.png" /> <link rel="apple-touch-icon" sizes="60x60" href="/assets/img/favicons/apple-icon-60x60.png" /> <link rel="apple-touch-icon" sizes="72x72" href="/assets/img/favicons/apple-icon-72x72.png" /> <link rel="apple-touch-icon" sizes="76x76" href="/assets/img/favicons/apple-icon-76x76.png" /> <link rel="apple-touch-icon" sizes="114x114" href="/assets/img/favicons/apple-icon-114x114.png" /> <link rel="apple-touch-icon" sizes="120x120" href="/assets/img/favicons/apple-icon-120x120.png" /> <link rel="apple-touch-icon" sizes="144x144" href="/assets/img/favicons/apple-icon-144x144.png" /> <link rel="apple-touch-icon" sizes="152x152" href="/assets/img/favicons/apple-icon-152x152.png" /> <link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-icon-180x180.png" /> <link rel="icon" type="image/png" sizes="192x192" href="/assets/img/favicons/android-icon-192x192.png" /> <link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png" /> <link rel="icon" type="image/png" sizes="96x96" href="/assets/img/favicons/favicon-96x96.png" /> <link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png" /> <link rel="manifest" href="/manifest.json"> <meta name="msapplication-TileColor" content="#ffffff"> <meta name="msapplication-TileImage" content="/ms-icon-144x144.png"> <meta name="theme-color" content="#ffffff"> <link rel="canonical" href="https://www.fedramp.gov/2024-03-04-penetration-test-guidance-public-comment-period/"> <link rel="alternate" type="application/rss+xml" title="FedRAMP.gov" 
href="https://www.fedramp.gov/feed.xml" /> <!-- NOTE(review): third-party script from use.fontawesome.com carries no integrity or crossorigin attribute, so the browser does not verify the file's contents before running it. The URL is version-pinned (v5.12.1), which makes adding a Subresource Integrity hash, or self-hosting the file as the USWDS stylesheet is, practical. --> <script defer src="https://use.fontawesome.com/releases/v5.12.1/js/all.js"></script> </head> <body class="page-blog"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TT3D6BG" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div class="usa-overlay"></div> <a href="#main" class="usa-skipnav">Skip to main content</a> <header class="usa-header usa-header-basic fedramp-header" role="banner"> <!-- Gov banner BEGIN --> <section class="usa-banner site-banner" aria-label="Official government website"> <div class="usa-accordion"> <header class="usa-banner__header"> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img class="usa-banner__header-flag" width="16" src="/assets/img/us_flag_small.png" alt="U.S. flag"> </div> <div class="grid-col-fill tablet:grid-col-auto"> <p class="usa-banner__header-text">An official website of the United States government</p> <p class="usa-banner__header-action" aria-hidden="true">Here’s how you know</p> </div> <button class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here’s how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner" hidden=""> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/assets/img/icon-dot-gov.svg" role="img" alt="Dot gov"> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. 
</p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/assets/img/icon-https.svg" role="img" alt="Https"> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> ( <span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-title banner-lock-description"> <title id="banner-lock-title">Lock</title> <desc id="banner-lock-description">A locked padlock</desc> <path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"> </path> </svg></span> ) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. 
</p> </div> </div> </div> </div> </div> </section> <!-- Gov banner END --> <!-- AV01 --> <div style="display: none;"> <p class="post-time">1731974400</p> <p class="post-time">1731024000</p> <p class="post-time">1731024000</p> <p class="post-time">1731024000</p> <p class="post-time">1729123200</p> <p class="post-time">1728950400</p> <p class="post-time">1727654400</p> <p class="post-time">1727654400</p> <p class="post-time">1727395200</p> <p class="post-time">1725321600</p> <p class="post-time">1724803200</p> <p class="post-time">1724716800</p> <p class="post-time">1723420800</p> <p class="post-time">1723161600</p> <p class="post-time">1723075200</p> <p class="post-time">1723075200</p> <p class="post-time">1722297600</p> <p class="post-time">1721952000</p> <p class="post-time">1721260800</p> <p class="post-time">1720656000</p> <p class="post-time">1720569600</p> <p class="post-time">1719446400</p> <p class="post-time">1717459200</p> <p class="post-time">1717113600</p> <p class="post-time">1717113600</p> <p class="post-time">1714435200</p> <p class="post-time">1711670400</p> <p class="post-time">1711670400</p> <p class="post-time">1711584000</p> <p class="post-time">1710460800</p> <p class="post-time">1709510400</p> <p class="post-time">1709510400</p> <p class="post-time">1709510400</p> <p class="post-time">1708041600</p> <p class="post-time">1707955200</p> <p class="post-time">1707955200</p> <p class="post-time">1707955200</p> <p class="post-time">1707955200</p> <p class="post-time">1707955200</p> <p class="post-time">1707955200</p> <p class="post-time">1707696000</p> <p class="post-time">1706745600</p> <p class="post-time">1706227200</p> <p class="post-time">1705622400</p> <p class="post-time">1705449600</p> <p class="post-time">1702512000</p> <p class="post-time">1701302400</p> <p class="post-time">1699833600</p> <p class="post-time">1698969600</p> <p class="post-time">1698710400</p> <p class="post-time">1698364800</p> <p class="post-time">1697155200</p> <p 
class="post-time">1695254400</p> <p class="post-time">1695081600</p> <p class="post-time">1693353600</p> <p class="post-time">1693353600</p> <p class="post-time">1693353600</p> <p class="post-time">1693353600</p> <p class="post-time">1693353600</p> <p class="post-time">1693353600</p> <p class="post-time">1690848000</p> <p class="post-time">1690243200</p> <p class="post-time">1689811200</p> <p class="post-time">1689292800</p> <p class="post-time">1689206400</p> <p class="post-time">1689206400</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1688083200</p> <p class="post-time">1687910400</p> <p class="post-time">1687219200</p> <p class="post-time">1686873600</p> <p class="post-time">1686787200</p> <p class="post-time">1685404800</p> <p class="post-time">1685404800</p> <p class="post-time">1684454400</p> <p class="post-time">1683849600</p> <p class="post-time">1682467200</p> <p class="post-time">1680739200</p> <p class="post-time">1680739200</p> <p class="post-time">1675728000</p> <p class="post-time">1674604800</p> <p class="post-time">1673913600</p> <p class="post-time">1673395200</p> <p class="post-time">1671667200</p> <p class="post-time">1669680000</p> <p class="post-time">1668556800</p> <p class="post-time">1667952000</p> <p class="post-time">1666828800</p> <p class="post-time">1666656000</p> <p class="post-time">1663804800</p> <p class="post-time">1663113600</p> <p class="post-time">1661990400</p> <p class="post-time">1661990400</p> <p class="post-time">1660780800</p> <p class="post-time">1660089600</p> <p class="post-time">1658793600</p> <p class="post-time">1658188800</p> <p class="post-time">1656979200</p> <p class="post-time">1656547200</p> <p class="post-time">1656374400</p> <p 
class="post-time">1655942400</p> <p class="post-time">1655769600</p> <p class="post-time">1654041600</p> <p class="post-time">1652918400</p> <p class="post-time">1651017600</p> <p class="post-time">1647388800</p> <p class="post-time">1646697600</p> <p class="post-time">1646179200</p> <p class="post-time">1644883200</p> <p class="post-time">1644883200</p> <p class="post-time">1643241600</p> <p class="post-time">1642550400</p> <p class="post-time">1642464000</p> <p class="post-time">1641254400</p> <p class="post-time">1640044800</p> <p class="post-time">1638921600</p> <p class="post-time">1638835200</p> <p class="post-time">1638403200</p> <p class="post-time">1637625600</p> <p class="post-time">1636416000</p> <p class="post-time">1635811200</p> <p class="post-time">1635379200</p> <p class="post-time">1634688000</p> <p class="post-time">1632268800</p> <p class="post-time">1629763200</p> <p class="post-time">1628726400</p> <p class="post-time">1628553600</p> <p class="post-time">1626739200</p> <p class="post-time">1626220800</p> <p class="post-time">1626134400</p> <p class="post-time">1625011200</p> <p class="post-time">1623110400</p> <p class="post-time">1621468800</p> <p class="post-time">1620691200</p> <p class="post-time">1620259200</p> <p class="post-time">1619481600</p> <p class="post-time">1618444800</p> <p class="post-time">1617062400</p> <p class="post-time">1616544000</p> <p class="post-time">1615852800</p> <p class="post-time">1615852800</p> <p class="post-time">1613433600</p> <p class="post-time">1612915200</p> <p class="post-time">1611705600</p> <p class="post-time">1607644800</p> <p class="post-time">1606780800</p> <p class="post-time">1606176000</p> <p class="post-time">1602201600</p> <p class="post-time">1600300800</p> <p class="post-time">1598918400</p> <p class="post-time">1597881600</p> <p class="post-time">1597363200</p> <p class="post-time">1596585600</p> <p class="post-time">1596153600</p> <p class="post-time">1595462400</p> <p 
class="post-time">1592956800</p> <p class="post-time">1591747200</p> <p class="post-time">1588809600</p> <p class="post-time">1585180800</p> <p class="post-time">1582675200</p> <p class="post-time">1582243200</p> <p class="post-time">1576540800</p> <p class="post-time">1571097600</p> <p class="post-time">1568073600</p> <p class="post-time">1567555200</p> <p class="post-time">1566864000</p> <p class="post-time">1563926400</p> <p class="post-time">1560988800</p> <p class="post-time">1560988800</p> <p class="post-time">1559174400</p> <p class="post-time">1557273600</p> <p class="post-time">1556668800</p> <p class="post-time">1551916800</p> <p class="post-time">1541462400</p> <p class="post-time">1535414400</p> <p class="post-time">1535414400</p> <p class="post-time">1535414400</p> <p class="post-time">1524700800</p> <p class="post-time">1522800000</p> <p class="post-time">1521504000</p> <p class="post-time">1521504000</p> <p class="post-time">1516838400</p> <p class="post-time">1510790400</p> <p class="post-time">1495065600</p> <p class="post-time">1323302400</p> </div> <div class="search-feature"> <div class="search-wrapper"> <div title="Notification Updates" class="bell" tabindex="0"> <img class="notification-bell-icon" src="/assets/img/notification-bell.svg" alt="Notification Bell" /> <button class="post-count" title="Post Count" style="display:none;"></button> <div id="alert-logic"> <div class="alert-wrapper-fallback"> <button class="bell-close"><img class="notification-close" src="/assets/img/bell-close.svg" alt="" /></button> <ul> <li class="no-new"> <p>No New Posts</p> </li> </ul> </div> <div class="alert-wrapper"> <button class="bell-close"><img class="notification-close" src="/assets/img/bell-close.svg" alt="" /></button> <ul> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-Continuous-Monitoring-Monthly-Executive-Summary-Template.xlsx">Continuous Monitoring Monthly Executive Summary Template</a> <p class="date"><strong>New 
Document</strong> | November 19, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-SAR-Appendix-B-Moderate-Security-Requirements-Traceability-Matrix-Template.xlsx">FedRAMP SAR Appendix B - Moderate Security Requirements Traceability Matrix Template</a> <p class="date"><strong>New Document</strong> | November 8, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-SAR-Appendix-B-Low-Security-Requirements-Traceability-Matrix-Template.xlsx">FedRAMP SAR Appendix B - Low Security Requirements Traceability Matrix Template</a> <p class="date"><strong>New Document</strong> | November 8, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-SAR-Appendix-B-High-Security-Requirements-Traceability-Matrix-Template.xlsx">FedRAMP SAR Appendix B - High Security Requirements Traceability Matrix Template</a> <p class="date"><strong>New Document</strong> | November 8, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/3PAO_Readiness_Assessment_Report_Guide.pdf">3PAO Readiness Assessment Report Guide</a> <p class="date"><strong>Updated Document</strong> | October 17, 2024</p> </li> <li class="current-post"> <a href="/2024-10-15-fedramp-help-center/">FedRAMP Help Center</a> <p class="date"><strong>New Post</strong> | October 15, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/SSP-Appendix-A-High-FedRAMP-Security-Controls.docx">SSP Appendix A - High FedRAMP Security Controls</a> <p class="date"><strong>New Document</strong> | September 30, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/CSP_Incident_Communications_Procedures.pdf">Incident Communications Procedures</a> <p class="date"><strong>Updated Document</strong> | September 30, 2024</p> </li> <li class="current-post"> <a href="/2024-09-27-agile-delivery-pilot-update/">FedRAMP Agile Delivery Pilot Update</a> <p class="date"><strong>New 
Post</strong> | September 27, 2024</p> </li> <li class="current-post"> <a href="/2024-09-03-the-missing-piece-of-our-modernization-puzzle-the-fedramp-platform/">The Missing Piece of Our Modernization Puzzle&#58; The FedRAMP Platform</a> <p class="date"><strong>New Post</strong> | September 3, 2024</p> </li> <li class="current-post"> <a href="/2024-08-28-digital-authorization-pilot/">Digital Authorization Package Pilot Launch</a> <p class="date"><strong>New Post</strong> | August 28, 2024</p> </li> <li class="current-post"> <a href="/2024-08-27-welcoming-a-new-leader-for-a-new-fedramp/">Welcoming a New Leader for a New FedRAMP</a> <p class="date"><strong>New Post</strong> | August 27, 2024</p> </li> <li class="current-post"> <a href="/2024-08-12-moving-to-one-fedramp-authorization-an-update-on-the-jab-transition/">Moving to One FedRAMP Authorization&#58; An Update on the JAB Transition</a> <p class="date"><strong>New Post</strong> | August 12, 2024</p> </li> <li class="current-post"> <a href="/2024-08-09-strengthening-the-use-of-cryptography-to-secure-federal-cloud-systems/">Strengthening the Use of Cryptography to Secure Federal Cloud Systems</a> <p class="date"><strong>New Post</strong> | August 9, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-Vulnerability-Deviation-Request-Form.xlsx">FedRAMP Vulnerability Deviation Request Form</a> <p class="date"><strong>New Document</strong> | August 8, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-H-M-L-Li-Review-Report-Template-Rev4.xlsx">FedRAMP H-M-L-Li Review Report Template - Rev. 
4</a> <p class="date"><strong>Updated Document</strong> | August 8, 2024</p> </li> <li class="current-post"> <a href="/2024-07-30-fedramps-metrics-for-public-comment/">FedRAMP Metrics for Public Comment</a> <p class="date"><strong>New Post</strong> | July 30, 2024</p> </li> <li class="current-post"> <a href="/2024-07-26-the-next-phase-of-fedramp/">The Next Phase of FedRAMP</a> <p class="date"><strong>New Post</strong> | July 26, 2024</p> </li> <li class="current-post"> <a href="/2024-07-18-fedramps-roadmap-progress-one-quarter-in/">FedRAMP's Roadmap Progress, One Quarter In</a> <p class="date"><strong>New Post</strong> | July 18, 2024</p> </li> <li class="current-post"> <a href="/2024-07-11-new-website-launch-automate-fedramp-gov/">New Website Launch&#58; automate.fedramp.gov</a> <p class="date"><strong>New Post</strong> | July 11, 2024</p> </li> <li class="current-post"> <a href="/2024-07-10-launch-of-the-fedramp-pilot-program/">The FedRAMP Agile Delivery Pilot</a> <p class="date"><strong>New Post</strong> | July 10, 2024</p> </li> <li class="current-post"> <a href="/2024-06-27-release-of-et-framework/">Release of Emerging Technology Prioritization Framework</a> <p class="date"><strong>New Post</strong> | June 27, 2024</p> </li> <li class="current-post"> <a href="/2024-06-04-fedramp-governance/">FedRAMP Governance</a> <p class="date"><strong>New Post</strong> | June 4, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-Moderate-Readiness-Assessment-Report-(RAR)-Template.docx">FedRAMP Moderate Readiness Assessment Report (RAR) Template</a> <p class="date"><strong>Updated Document</strong> | May 31, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-High-Readiness-Assessment-Report-(RAR)-Template.docx">FedRAMP High Readiness Assessment Report (RAR) Template</a> <p class="date"><strong>Updated Document</strong> | May 31, 2024</p> </li> <li class="current-post"> <a 
href="/assets/resources/documents/Agency_Package_Request_Form.pdf">FedRAMP Package Access Request Form</a> <p class="date"><strong>New Document</strong> | April 30, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/SAR-Appendix-A-FedRAMP-Risk-Exposure-Table-(RET)-Template.xlsx">SAR Appendix A - FedRAMP Risk Exposure Table (RET) Template</a> <p class="date"><strong>New Document</strong> | March 29, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-POAM-Template.xlsx">FedRAMP Plan of Action and Milestones (POA&M) Template</a> <p class="date"><strong>Updated Document</strong> | March 29, 2024</p> </li> <li class="current-post"> <a href="/2024-03-28-a-new-roadmap-for-fedramp/">A New Roadmap for FedRAMP</a> <p class="date"><strong>New Post</strong> | March 28, 2024</p> </li> <li class="current-post"> <a href="/2024-03-15-rfq-for-grc-solution-released/">RFQ for GRC Solution Released</a> <p class="date"><strong>New Post</strong> | March 15, 2024</p> </li> <li class="current-post"> <a href="/2024-03-04-penetration-test-guidance-public-comment-period/">Penetration Test Guidance Public Comment Period</a> <p class="date"><strong>New Post</strong> | March 4, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-Continuous-Monitoring-Deliverables-Template.xlsx">FedRAMP Continuous Monitoring Deliverables Template</a> <p class="date"><strong>New Document</strong> | March 4, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/CSP_Annual_Assessment_Controls_Selection_Worksheet.xlsx">Annual Assessment Controls Selection Worksheet</a> <p class="date"><strong>New Document</strong> | March 4, 2024</p> </li> <li class="current-post"> <a href="/2024-02-16-rev-5-additional-documents-released/">Rev. 
5 - Additional Documents Released</a> <p class="date"><strong>New Post</strong> | February 16, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/SSP-Appendix-A-Moderate-FedRAMP-Security-Controls.docx">SSP Appendix A - Moderate FedRAMP Security Controls</a> <p class="date"><strong>New Document</strong> | February 15, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/templates/FedRAMP-Rev-4-to-Rev-5-Assessment-Controls-Selection-Template.xlsx">FedRAMP Rev. 4 to Rev. 5 Assessment Controls Selection Template</a> <p class="date"><strong>New Document</strong> | February 15, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/CSP_Vulnerability_Scanning_Requirements.pdf">Vulnerability Scanning Requirements</a> <p class="date"><strong>New Document</strong> | February 15, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/CSP_Authorization_Playbook.pdf">CSP Authorization Playbook</a> <p class="date"><strong>New Document</strong> | February 15, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/CSP_Annual_Assessment_Guidance.pdf">Annual Assessment Guidance</a> <p class="date"><strong>New Document</strong> | February 15, 2024</p> </li> <li class="current-post"> <a href="/assets/resources/documents/Agency_Authorization_Playbook.pdf">Agency Authorization Playbook</a> <p class="date"><strong>New Document</strong> | February 15, 2024</p> </li> <li class="current-post"> <a href="/2024-02-12-supplemental-direction-v2-cisa-emergency-directive-24-01/">Supplemental Direction v2 - CISA Emergency Directive 24-01</a> <p class="date"><strong>New Post</strong> | February 12, 2024</p> </li> <li class="current-post"> <a href="/2024-02-01-supplemental-direction-v1-cisa-emergency-directive-24-01/">Supplemental Direction v1 - CISA Emergency Directive 24-01</a> <p class="date"><strong>New Post</strong> | February 1, 2024</p> </li> <li class="current-post"> <a 
href="/2024-01-26-fedramps-emerging-technology-prioritization-framework-overview-and-request-for-comment/">FedRAMP's Emerging Technology Prioritization Framework - Overview and Request for Comment</a> <p class="date"><strong>New Post</strong> | January 26, 2024</p> </li> <li class="current-post"> <a href="/2024-01-19-cisa-emergency-directive-24-01/">CISA Emergency Directive 24-01</a> <p class="date"><strong>New Post</strong> | January 19, 2024</p> </li> <li class="current-post"> <a href="/2024-01-17-modernization-automating-fedramps-technology/">Modernization - Automating FedRAMP's Technology</a> <p class="date"><strong>New Post</strong> | January 17, 2024</p> </li> <li class="current-post"> <a href="/2023-12-14-fedramp-modernization-overview/">FedRAMP Modernization Overview</a> <p class="date"><strong>New Post</strong> | December 14, 2023</p> </li> <li class="current-post"> <a href="/2023-11-30-extended-comment-period-draft-fedramp-memo/">Extended Comment Period on Draft FedRAMP Memo</a> <p class="date"><strong>New Post</strong> | November 30, 2023</p> </li> <li class="current-post"> <a href="/2023-11-13-usda-connect-update-to-fedramp-stakeholders/">FedRAMP Repository - USDA Connect Update</a> <p class="date"><strong>New Post</strong> | November 13, 2023</p> </li> <li class="current-post"> <a href="/2023-11-03-fedramp-policy-memo-public-engagement-forum-with-omb/">FedRAMP Policy Memo Public Engagement Forum with OMB</a> <p class="date"><strong>New Post</strong> | November 3, 2023</p> </li> <li class="current-post"> <a href="/2023-10-31-fedramps-role-in-the-ai-executive-order/">FedRAMP's Role In The AI Executive Order</a> <p class="date"><strong>New Post</strong> | October 31, 2023</p> </li> <li class="current-post"> <a href="/2023-10-27-omb-fedramp-memo/">OMB FedRAMP Memo</a> <p class="date"><strong>New Post</strong> | October 27, 2023</p> </li> <li class="current-post"> <a 
href="/assets/resources/templates/FedRAMP-High-Moderate-Low-LI-SaaS-Baseline-System-Security-Plan-(SSP).docx">FedRAMP High, Moderate, Low, LI-SaaS Baseline System Security Plan (SSP)</a> <p class="date"><strong>Updated Document</strong> | October 13, 2023</p> </li> <li class="current-post"> <a href="/2023-09-21-fedramp-repository-next-steps/">FedRAMP Repository - Next Steps</a> <p class="date"><strong>New Post</strong> | September 21, 2023</p> </li> <li class="current-post"> <a href="/2023-09-19-a2la-updates-the-r311/">A2LA Updates the R311</a> <p class="date"><strong>New Post</strong> | September 19, 2023</p> </li> <li class="current-post"> <a href="/2023-08-30-rev-5-additional-documents-released/">Rev. 5 - Additional Documents Released</a> <p class="date"><strong>New Post</strong> | August 30, 2023</p> </li> <li class="current-post"> <a href="/assets/resources/templates/SSP-Appendix-A-Low-FedRAMP-Security-Controls.docx">SSP Appendix A - Low FedRAMP Security Controls</a> <p class="date"><strong>New Document</strong> | August 30, 2023</p> </li> <li class="current-post"> <a href="/assets/resources/templates/SSP-Appendix-A-LI-SaaS-FedRAMP-Security-Controls.docx">SSP Appendix A - LI-SaaS FedRAMP Security Controls</a> <p class="date"><strong>New Document</strong> | August 30, 2023</p> </li> <li class="current-post"> <a href="/assets/resources/documents/FedRAMP_General_Document_Acceptance_Criteria.pdf">FedRAMP General Document Acceptance Criteria</a> <p class="date"><strong>New Document</strong> | August 30, 2023</p> </li> <li class="current-post"> <a href="/assets/resources/documents/FedRAMP_Collaborative_ConMon_Quick_Guide.pdf">FedRAMP Collaborative ConMon Quick Guide</a> <p class="date"><strong>New Document</strong> | August 30, 2023</p> </li> <li class="current-post"> <a href="/assets/resources/documents/CSP_Continuous_Monitoring_Performance_Management_Guide.pdf">Continuous Monitoring Performance Management Guide</a> <p class="date"><strong>New Document</strong> | 
August 30, 2023</p> </li> <li class="current-post"> <a href="/2023-08-01-new-3pao-training-obligations-and-performance-standards/">New 3PAO Training - Obligations and Performance Standards</a> <p class="date"><strong>New Post</strong> | August 1, 2023</p> </li> <li class="current-post"> <a href="/2023-07-25-csps-prioritized-to-work-with-jab/">CSPs Prioritized to Work with the JAB</a> <p class="date"><strong>New Post</strong> | July 25, 2023</p> </li> <li class="current-post"> <a href="/2023-07-20-3pao-assessment-teams-must-be-qualified/">3PAO Assessment Teams Must Be Qualified</a> <p class="date"><strong>New Post</strong> | July 20, 2023</p> </li> <li class="current-post"> <a href="/2023-07-14-fedramp-guidance-for-m-21-31-and-m-22-09/">FedRAMP Guidance for M-21-31 and M-22-09</a> <p class="date"><strong>New Post</strong> | July 14, 2023</p> </li> <li class="current-post"> <a href="/2023-07-13-rev5-approach-to-sc8-protecting-data-in-transit/">The Rev. 5 Approach to SC-8, and Protecting Data-in-Transit</a> <p class="date"><strong>New Post</strong> | July 13, 2023</p> </li> <li class="current-post"> <a href="/assets/resources/templates/SSP-Appendix-J-CSO-CIS-and-CRM-Workbook.xlsx">SSP Appendix J - <CSO> CIS and CRM Workbook</a> <p class="date"><strong>New Document</strong> | July 13, 2023</p> </li> <li class="current-post"> <a href="/2023-06-30-rev-5-additional-documents-released/">Rev. 
<main id="main"> <div class="page-banner-container"> <div class="page-banner"> <h1>Blog</h1> </div> </div> <section class="fedramp-page-container"> <div class="grid-container"> <div class="grid-row"> <div class="desktop:grid-col-9 desktop:padding-right-8"> <h2 class="blog-post">Penetration Test Guidance Public Comment Period</h2> <p class="date margin-bottom-2"><strong style="font-weight: 800;">March 4</strong> | 2024</p> <div class="page--banner"> <img src="/assets/img/blog-images/2024-02-29-penetration-test-guidance-public-comment-period.png" alt="Penetration Test Guidance Public Comment Period" title="Penetration Test Guidance Public Comment Period"> </div> <!-- <div class="author-date"> <p class="by">By FedRAMP</p> <span class="tag"> </span> </div> --> <p>FedRAMP is seeking feedback on the draft <a href="/assets/resources/documents/CSP_Penetration_Test_Guidance_public_comment.pdf" target="_blank" rel="noopener noreferrer">FedRAMP Penetration Test Guidance</a>. 
The <a href="https://www.fedramp.gov/assets/resources/documents/CSP_Penetration_Test_Guidance.pdf" target="_blank" rel="noopener noreferrer">original guidance</a> provides requirements for organizations planning to conduct a FedRAMP penetration test to identify weaknesses in their IT system, as well as the associated attack vectors and overall reporting requirements.</p> <p>The FedRAMP Rev. 5 High, Moderate, Low, and Li-SaaS baselines include an annual requirement for penetration testing. For FedRAMP Low and Li-SaaS baselines, an independent assessor is not required, and the scope can be limited to public-facing applications in alignment with <a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf" target="_blank" rel="noopener noreferrer">OMB Memorandum M-22-09</a>.</p> <p>The updated guidance explains the requirements for organizations executing FedRAMP penetration tests and reporting testing results. Third Party Assessment Organizations (3PAOs) must follow the requirements for testing implementation. Cloud Service Providers (CSPs) can use the guidance to understand the scope of the 3PAO testing and their role in it. The guidance has been updated to include the Red Team Testing Requirements. More information can be found in our most recent <a href="https://www.fedramp.gov/2024-02-16-rev-5-additional-documents-released/" target="_blank" rel="noopener noreferrer">blog post</a> highlighting the additional Rev. 5 documents that were released, which were adopted in FedRAMP baselines. FedRAMP does not provide a Penetration Testing and Reporting template.</p> <p>The existing FedRAMP Penetration Test Guidance vectors are based on threat and attack models listed in the updated guidance. These have remained standard. However, based on the current threat environment, FedRAMP understands that additional attack vectors might be defined for consideration, e.g., vectors applicable to Data Loss Prevention subsystems. 
If a stakeholder considers it reasonable to include additional attack vectors for consideration, the additional threat and attack models should also be included, as applicable. At a minimum, FedRAMP requires that all mandatory attack vectors outlined in the FedRAMP Penetration Test Guidance are covered in every 3PAO Penetration Test and Report.</p> <p>Additionally, several other requirements were updated to provide clarity and ensure that requirements were identified as mandatory instead of optional. Outlined below are the most notable updates:</p> <ul> <li><a href="https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Controls_Baseline.xlsx" target="_blank" rel="noopener noreferrer">NIST SP 800-53 Revision 5 update</a> - Security Control CA-8(2) (Security Assessment and Authorization, Penetration Testing, Red Team Exercises) for all FedRAMP High and Moderate criticality systems, added as Appendix E: Red Team Exercises.</li> <li>Language clarifications to ensure that the mandatory requirements are better understood.</li> <li>Detailed explanation of the Email Phish Campaign requirements to most effectively conduct the campaign. 
Updates were made to the landing page requirements for CSP personnel who are victims of the campaign.</li> <li>Addition of references to the <a href="https://attack.mitre.org/matrices/enterprise/" target="_blank" rel="noopener noreferrer">MITRE ATT&amp;CK® Matrix for Enterprise</a> and the <a href="https://csrc.nist.gov/glossary/term/red_team" target="_blank" rel="noopener noreferrer">NIST Red Team Definition</a>.</li> </ul> <p>Note that the CA-8(2) Red Team Testing Requirements outlined in the Penetration Test Guidance address the NIST/FedRAMP testing requirements and are not the same as the ‘intensive, expert-led “red team”’ assessments referred to in the Office of Management and Budget draft memo, <a href="https://www.cio.gov/assets/files/resources/FedRAMP-updated-draft-guidance-2023.pdf" target="_blank" rel="noopener noreferrer">Modernizing the Federal Risk and Authorization Management Program (FedRAMP)</a> (which was <a href="https://www.fedramp.gov/2023-10-27-omb-fedramp-memo/" target="_blank" rel="noopener noreferrer">discussed previously</a> on the FedRAMP blog).</p> <p>If you have comments, edits, or feedback on the draft updated Penetration Test Guidance, submit them via the <a href="https://app.smartsheetgov.com/b/form/70df02fe42ae4c86bc07470021501add" target="_blank" rel="noopener noreferrer">Public Comments_Draft Penetration Test Guidance form</a> by April 24, 2024. Please be sure to include the specific draft section to which your question or comment refers. To read comments that have already been submitted, you may view the <a href="https://app.smartsheetgov.com/b/publish?EQBCT=a6d4817ee88a49dd97d1c21e3d5aeafa" target="_blank" rel="noopener noreferrer">Public Comments Draft Penetration Test Guidance read-only version</a>.</p> <p>As always, we appreciate your input. 
If you have any questions please email <a href="mailto:info@fedramp.gov" target="_blank" rel="noopener noreferrer">info@fedramp.gov</a>.</p> </div> </div> </div> </section> </main> </body> </html>
