Introduction¶
Continuous Monitoring Balance Improvement Releases
Many of the requirements in this section have optional alternatives available via Balance Improvement Releases - these sections have a note like this at the beginning.
This FedRAMP Continuous Monitoring (ConMon) Playbook provides an overview of FedRAMP Rev 5 continuous monitoring (ConMon) requirements and activities, along with guidance and best practices. The information in this playbook applies to cloud service offerings (CSOs) authorized via the legacy JAB path and current Rev5 Agency Authorization path. This playbook is a consolidation of the following ConMon-related guidance previously provided as standalone documents:
- FedRAMP Continuous Monitoring Strategy Guide, version 3.2 (2018)
- FedRAMP Vulnerability Scanning Requirements, version 3.0 (2024)
- FedRAMP Vulnerability Scanning Requirements for Containers, version 1.0 (2021)
- FedRAMP Guide for Determining Eligibility and Requirements for the Use of Sampling for Vulnerability Scans, version 1.0 (2018)
- Vulnerability Scanning FAQ (2025)
- FedRAMP Annual Assessment Guidance, version 3.0 (2024)
- FedRAMP Significant Change Policies and Procedures, version 1.0 (2018)
- FedRAMP Incident Communications Procedures, version 5.0 (2024)
- FedRAMP Collaborative ConMon Quick Guide (2023)
- FedRAMP Continuous Monitoring Performance Management Guide, version 3.0 (2023)
Do not use outdated materials!
All of the materials mentioned above should be considered rescinded and replaced; they are outdated and must not be used.