Document Category: Continuous Monitoring

This guide describes the requirements for all vulnerability scans provided by service providers to StateRAMP for products with a Ready, Provisional, or Authorized status.

This document describes the process for StateRAMP stakeholders to use when reporting information concerning information system security incidents or suspected information system security incidents.

Continuous monitoring review procedures outline the process to examine each monthly package.

This document explains the actions taken when a service provider fails to maintain an adequate continuous monitoring program.