Resources

XRAMP – Security Assessments Evolved

Point in time security assessments have been around a long time. Do they provide the level of assurance that business, downstream customers, and the government expects? Is it enough in the digital world that is constantly evolving? The concept of continuous assurance isn’t new, but limited progress has been made in terms of the way we manage risk. This traditional assessment model will not change overnight, but there absolutely has to be a better to way improve it.

  • Filter
Blog

CVSS Scoring & FedRAMP – What You Need to Know?

Commercial cloud service providers (CSPs) are responsible for maintaining a similar risk profile to the risks identified within their most recent Security Assessment Report (SAR). CSPs submit continuous monitoring deliverables each month for review by the FedRAMP PMO and their sponsoring agency or the Joint Authorization Board (JAB). These deliverables include a Plan of Action & Milestones (POA&M) and a Deviation Request (DR) list. FedRAMP Vulnerability Scanning Guidance from March 2018 requires that the vulnerabilities listed on these documents use the CVSSv3 calculation, when available, to determine a risk rating.

Read More

Contact us to discuss your cyber and cloud business needs. We’re happy to share our insights and work with you as your business evolves.

    Simplifying Cybersecurity Complexities

    Compliance

    Cybersecurity

    Insights

    Company

    Stay informed with our Industry Compliance Roadmaps, Technical Testing, Interviews and Resources to help you simplify cybersecurity and compliance.

      Copyright © 2025 Fortreum. All Rights Reserved.
      Facebook-f Twitter Linkedin-in