Control statement
Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:
(a) Effectiveness monitoring;
(b) Compliance monitoring; and
(c) Change monitoring. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-AFR-04 | Vulnerability Detection and Response Document the vulnerability detection and vulnerability response methodology used within the cloud service offering in alignment with the FedRAMP Vulnerability Detection and Response (VDR) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-AFR-05 | Significant Change Notifications Determine how significant changes will be tracked and how all necessary parties will be notified in alignment with the FedRAMP Significant Change Notifications (SCN) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-TPR-03 | Supply Chain Risk Management _Persistently_ identify, review, and mitigate potential supply chain risks. | Third-Party Information Resources |