This Community Working Group will launch on:
Monday, March 31, 2025.
Details on how to participate will be posted shortly.
What You’ll Work On
In the new FedRAMP, the PMO will no longer force industry cloud service providers to upload raw vulnerability scan logs to a central FedRAMP service, and then process log files to generate reports manually. Cloud service providers will instead generate reports directly using their own automation systems against a simple standard, and then make those reports available to customers via normal channels.
Your focus in this working group will be on developing a standard for continuous monitoring reporting by cloud service providers with FedRAMP Rev 5 (and those on legacy Rev 4) authorizations that meet the needs of agency security professionals to validate the risk posture of the CSO. Providers will no longer be expected to upload scan logs to a central service, but will instead develop simple standard reports to make directly available to customers via their partner portals.
Target Audience
- Cloud Service Providers who are currently FedRAMP Authorized under Rev5 or are in the review pipeline
- Agency Security Teams who are currently performing continuous monitoring under Rev5
- Third-Party Assessment Organizations (3PAOs)
- FedRAMP Advisors/Consultants
