As the Federal Risk and Authorization Management Program (FedRAMP) gears up for its 20x Phase Two pilot, it released this week two new requests for comment (RFC) and a new Vulnerability Detection and Response (VDR) Standard. […]

The General Services Administration’s FedRAMP program is midway through a generational makeover to accelerate the pace of its work in evaluating the security of cloud services used by the government, and Brian Conrad – who ran the program from 2021 to 2024 leading into the current wave of change – is liking what he sees thus far. […]

The Federal Risk and Authorization Management Program (FedRAMP) is working on proposed changes to current continuous monitoring reporting standards and data repository standards and expects to release draft versions of those proposed changes in the May-July time frame. […]

The Federal Risk and Authorization Management Program’s (FedRAMP) Program Management Office (PMO) is in the process of drafting a standard for low-impact key security indicators (KSIs) as part of ongoing work on the program’s “20x” revamp unveiled on March 24. […]

The Federal Risk and Authorization Management Program (FedRAMP) is aiming to maximize its use of existing commercial security frameworks and reduce redundant documentation requirements as part of its “20x” program revamp, program officials said today. […]