FedRAMP's Role in Cyber Hygiene
Continuous monitoring has always been a fundamental requirement of the FedRAMP program. It covers not only the annual security assessments conducted by Third Party Assessment Organizations (3PAOs) but also the ongoing continuous monitoring activities a CSP must perform to maintain its FedRAMP authorization. These continuous monitoring activities include:
- Annual security awareness training
- Vulnerability scanning
- Web application scanning
- Contingency plan testing
- Incident response plan testing
Additional continuous monitoring activities further improve the CSP's security posture and, with it, its Cyber Hygiene. These practices should not stop at the authorization boundary, however: the CSP should apply them organization-wide so that good Cyber Hygiene extends across the corporate infrastructure, not just the systems that were assessed.