FedRAMP

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

ConMon Reports

The monthly continuous monitoring deliverables FedRAMP requires from authorized cloud service providers: vulnerability scan results from operating system, web application, and database scanners; an updated Plan of Action and Milestones; a deviation request log; and an inventory of changes. Late or incomplete ConMon submissions are the most common trigger for FedRAMP corrective action and, in repeated cases, authorization suspension.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.