The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud & API assets. The testing includes both discovery and exploitation steps. See the data sheet for detailed information on each Attack Surface (API, Web, and Cloud) and the FedRAMP requirements.
FedRAMP With Data Theorem
Data Theorem helps your applications comply with third-party assessments when it comes to attestation for certain regulation standards. We will outline what we support and what is required for a penetration test or vulnerability analysis when it comes to specific regulation standards. Data Theorem supports any recommended criteria, and your organization can operate at ease knowing that you will be ready for any third-party reviews.
|FedRAMP Guidelines for Penetration Testing|Selected DT Coverage in API/Web/Cloud Products|
|---|---|
|Discovery (FedRAMP 5.2, 5.3)| |
|Exploitation (FedRAMP 5.7.2)| |
|Post-Exploitation (FedRAMP 5.7.2)|Authorization Checks|