BOD 26-04 - Existing Rev. 5 Authorizations #143
Replies: 1 comment 1 reply
-
|
We'll likely put out a notice on this next week, but it's tied up with some other comms we're working on and some other internal discussions. In short, cloud service providers that follow the Vulnerability Detection and Response (and Vulnerability Evaluation and Reporting) rules are good with BOD 26-04 by default. We may need to accelerate mandatory adoption of the VDR to align with BOD 26-04, but haven't determined the most effective way to align these requirements for folks who aren't ready to move to the VDR yet. |
Beta Was this translation helpful? Give feedback.
-
|
Roger that - thanks for the quick reply, @pete-gov. Much appreciated. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi FedRAMP Team - Given CISA's release of BOD 26-04 this week, should the community be expecting any communications / public notices forthcoming from FedRAMP on the topic? The FAQ in the Implementation Guidance does directly touch upon FedRAMP applicability, but am curious if we should be on the lookout for anything further from the PMO here, specifically for those of us currently executing Rev. 5 certified systems. Thanks in advance!
Beta Was this translation helpful? Give feedback.
All reactions