© 2022 Anchore, Inc. All rights reserved.

FedRAMP Requirements Checklist for Container Vulnerability Scanning

Important changes to FedRAMP Rev 5 that impact container security

FedRAMP compliance is a massive and time-consuming initiative for any organization. But if you're a cloud service provider (IaaS, PaaS, or SaaS) that wants to work with the federal government, it is a mandatory certification.

Vulnerability scanning is a critical control family (RA-5) within the FedRAMP standard. With the release of FedRAMP Revision 5, there have been important changes, specifically the new requirements regarding STIG and CISA’s Known Exploited Vulnerabilities (KEV).

This checklist distills the container vulnerability requirements of FedRAMP to accelerate the compliance process.


The checklist includes:

7 container vulnerability requirements of FedRAMP

How to expedite FedRAMP compliance with this checklist

Steps to select and implement a container vulnerability scanner that is FedRAMP-compliant