The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP third-party attestation is performed by accredited Third Party Assessor Organizations (3PAOs). The required penetration testing includes both discovery and exploitation steps. See the data sheet for detailed information on each attack surface (Mobile, Web, API) and the corresponding FedRAMP requirements.
Data Theorem helps your applications meet the third-party assessment requirements that attestation against specific regulatory standards demands. Below we outline what we support and what each standard requires in a penetration test or vulnerability analysis. Data Theorem supports the recommended criteria, so your organization can operate at ease knowing it will be ready for third-party reviews.
| FedRAMP Guidelines for Penetration Testing | Selected DT Coverage in Mobile/Web/API Secure Products |
|---|---|
| Discovery (FedRAMP 5.2, 5.3) | |
| Exploitation (FedRAMP 5.7.2) | |
| Post-Exploitation (FedRAMP 5.7.2) | Authorization Checks |
Data Theorem helped Evernote identify and close 105 security issues and remove 17 harmful third-party libraries, all before the apps were released to the public app stores.