FRR-VDR

Vulnerability Detection and Response

The Vulnerability Detection and Response rules require providers to continuously identify, analyze, prioritize, mitigate, and remediate vulnerabilities and related exposures through automated systems. These rules give providers flexibility in implementation while ensuring agencies receive the information needed to support ongoing authorization decisions.

35 provider requirements across 5 subsets.

CSO

General Provider Responsibilities

These rules apply to all providers with FedRAMP Certifications of any type.

BST

Best Practices

These recommendations for best practices apply to all cloud service providers.

EVA

Evaluation

These rules apply to the evaluation of vulnerabilities.

RPT

Reporting

These rules apply to reporting related to vulnerability detection and response.

TFR

Timeframes

These rules apply to timeframes for vulnerability detection and response.