FedRAMP RA-5

Comply with FedRAMP RA-5 (a), which requires monthly testing of Cloud & API assets (API, Web, and Cloud security).

FedRAMP Evaluation

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud & API assets. The testing includes both discovery and exploitation steps. See the data sheet for detailed information on each Attack Surface (API, Web, and Cloud) and the FedRAMP requirements.

FedRAMP With Data Theorem

Data Theorem helps your applications comply with third-party assessments when attestation is needed for certain regulation standards. We outline what we support and what is required for a penetration test or vulnerability analysis under specific regulation standards. Data Theorem supports any recommended criteria, so your organization can operate at ease knowing that it will be ready for any third-party review.

FedRAMP Guidelines for Penetration Testing: Selected DT Coverage in API/Web/Cloud Products
Discovery (FedRAMP 5.2, 5.3)
  • Public Internet Discovery/Scanning: Find potential publicly available vulnerabilities or attack vectors
  • Application Asset Discovery: Map all content and functionality, navigate through the app to determine functionality and workflow
  • Access: Authentication and Authorization checks including in Cloud Building Blocks
  • User flow through app (dynamic scans)
  • Web Secure Configuration and Certification checks on web apps
Exploitation (FedRAMP 5.7.2)
  • Dynamic Scans
  • Encryption checks
  • Hack & Extract, Keys to the Kingdom
  • SQLi and XSS hacking
Post-Exploitation (FedRAMP 5.7.2)
  • Authorization Checks