Penetration Test Guidance Updates
We’re excited to announce the release of FedRAMP’s updated Penetration Test Guidance!
These updates were made to address the ever-changing cybersecurity landscape. Revisions include updated guidance around existing and new threats as well as addressing attack vectors so they’re in alignment with current best practices.
The revision process included the following initiatives:
- Gathered input from Third Party Assessment Organizations (3PAOs) via surveys and direct conversations.
- Solicited input from penetration testing subject matter experts, both within the government and 3PAOs.
- Conducted two Technical Exchange Meetings (TEMs) with 3PAOs and Joint Authorization Board (JAB) Technical Reviewer(TR)-recommended SMEs,
- Engaged a JAB member with a Certified Ethical Hacker (CEH) certification to review the updated guidance and provide us with feedback.
You can access the updated Penetration Test Guidance on fedramp.gov.
Thank you to all of our stakeholders who participated in the development of this document!
Please reach out to firstname.lastname@example.org with any questions.