Inside Cybersecurity

March 29, 2024

Daily News

FedRAMP updates assessment gap plan documentation to include details on patching known vulnerabilities

By Sara Friedman / June 29, 2022

The General Services Administration’s FedRAMP program has updated its assessment gap template for cloud service providers to submit details on their efforts to patch known vulnerabilities identified by CISA, as part of an effort to make it easier for agencies to comply with a binding operational directive.

CISA issued a binding operational directive in November establishing a “living” catalog of known exploited vulnerabilities and requirements for agencies to remediate them as added.

Cloud service providers are required to submit...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.