By GCN Staff
Mar 16, 2021

The Federal Risk and Authorization Management Program has released supplemental requirements to ensure cloud service providers (CSPs) keep their container technology in compliance.

Released March 16, the document, Vulnerability Scanning Requirements for Containers, bridges the compliance gaps between traditional cloud and containerized systems by describing “the processes, architecture and security considerations specific to vulnerability scanning for cloud systems using container technology.”

Containers can be installed on bare metal or virtual machines, on-premise systems or within elastic cloud environments and are deployed and managed with various orchestration tools, the document states. According to FedRAMP, the technology introduces risk due to unvalidated external software, non-standard configurations, unmonitored container-to-container communication, ephemeral instances that are not tracked, unauthorized access and registry/repository poisoning.