Document Tag: documents library

Vulnerability Deviation Request Form

When a service provider identifies a vulnerability that potentially warrants different handling than normally required by GovRAMP, they may submit a deviation request to GovRAMP using this form.

Incident Communications Procedures

This document describes the process for GovRAMP stakeholders to use when reporting information concerning information system security incidents or suspected information system security incidents.

Vulnerability Scan Requirements Guide

This guide describes the requirements for all vulnerability scans provided by service providers to GovRAMP for products with a Ready, Provisionally Authorized, or Authorized status.

Continuous Monitoring Guide

Continuous monitoring review procedures outline the process to examine each monthly package.

Data Classification Tool

This document helps service providers and governments determine what GovRAMP security category requirements to use to ensure their data is protected.

Baseline Controls

This document provides the security control baselines. All of the security controls listed in the table are outlined in NIST 800-53 Rev. 4. (Retired October 1, 2024)