The content on this page is archived. For more up-to-date information, go to fedramp.gov.
Penetration Test Guidance Updates

July 4, 2022

We’re excited to announce the release of FedRAMP’s updated Penetration Test Guidance!

These updates were made to address the ever-changing cybersecurity landscape. Revisions include updated guidance on existing and new threats and address attack vectors so that they align with current best practices.

The revision process included the following initiatives:

  • Gathered input from Third Party Assessment Organizations (3PAOs) via surveys and direct conversations.
  • Solicited input from penetration testing subject matter experts, both within the government and 3PAOs.
  • Conducted two Technical Exchange Meetings (TEMs) with 3PAOs and Joint Authorization Board (JAB) Technical Reviewer (TR)-recommended SMEs.
  • Engaged a JAB member with a Certified Ethical Hacker (CEH) certification to review the updated guidance and provide us with feedback.

You can access the updated Penetration Test Guidance on fedramp.gov.

Thank you to all of our stakeholders who participated in the development of this document!

Please reach out to info@fedramp.gov with any questions.