The Operating Systems (OS), Web, Database (DB) and Virtual Machine (VM) environments, for the cloud computing service model, must be assessed using FCCI approved software tools. An agreed upon percentage of system components will be Scanned using:
- Operating Systems (OS) / VM - Nessus
- Web – Acunetix
- Database - AppDetective
- Database – Manual GSA Checklist
Note 1: All assets/devices, or a representative sample within the boundary must be assessed.
Note 2: No High Risk Findings (Scan Results – OS / Web / Database).
Note 3: Penetration testing is required for the FedRAMP assessment.