Requesting Public Comment on Vulnerability Scanning Requirements for the Deployment and Use of Containers
Technology changes rapidly and Cloud Service Providers (CSPs) continue to evolve in order to improve and adapt to customer needs. Some technology changes affect how continuous monitoring is performed. In response to requests from industry and to bridge the vulnerability scanning compliance gaps between traditional cloud systems and containerized cloud systems, FedRAMP developed the Vulnerability Scanning Requirements for the Deployment and Use of Containers (DRAFT) document.
This document addresses FedRAMP compliance pertaining to the processes, architecture, and security considerations specific to vulnerability scanning for cloud systems using container technology. The requirements described in this document are part of the FedRAMP Continuous Monitoring Strategy Guide and FedRAMP Vulnerability Scanning Requirements . The vulnerability scanning requirements for containerized systems serve to supplement and update existing requirements defined in those documents.
FedRAMP and the JAB would like your feedback on this document before the final version is published. Please submit your comments to firstname.lastname@example.org by September 11, 2020.