HOME

RA-5 (5)

RA-5 (5) H M
Description

The information system implements privileged access authorization to [Assignment: organization- identified information system components] for selected [Assignment: organization-defined vulnerability scanning activities].

FedRAMP
  • H RA-5 (5)-1 [operating systems / web applications / databases] RA-5 (5)-2 [all scans]
  • M RA-5 (5)-1 [operating systems / web applications / databases] RA-5 (5)-2 [all scans]
DISA Cloud Computing SRG

all information systems and infrastructure components

Not appropriate for DoD to define for all CSP's infrastructure or service offerings

Source:
DoD RMF TAG

Supplemental Guidance

In certain situations, the nature of the vulnerability scanning may be more intrusive or the information system component that is the subject of the scanning may contain highly sensitive information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and also protects the sensitive nature of such scanning.