Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

survey icon Share your experience with the FAS IT-Playbook by taking this brief survey

FAS Cloud Services IT Security Metrics

Learn about the different types of Core FCS security metrics that are collected, reported and monitored. FCS Tenants may find it useful gaining familiarity with these metrics to meet FCS reporting requirements.

CORE FCS Security Metrics

FCS security Tenants are to observe the following key metrics and report them to their respective FCS security representatives. All metrics listed here are required for the applicable FCS service areas, any deviation must be reported to FCS for resolution.

Applicable service areas for all sections below: EBTA, CaaS, MCaaS, Common Components, Data, VPCaaS

1. FCS Asset Metrics

To be monitored and reported to FCS security personnel on a weekly basis:

2. FCS Security Risk Metrics (from Scans)

Observes risks reported from FCS operational scans by Severity, Compliance status and impacted AWS accounts:

Critical vulnerabilities must be remediated within 15 calendar days of initial detection

High vulnerabilities must be remediated within 30 calendar days of initial detection

3. FCS Remediation Metrics

Observes the extent at which vulnerabilities are being remediated in a timely manner based on the following timelines:

4. FCS Vulnerability Instance Decrease Metrics

Observes the reduction of vulnerabilities by instance and FCS timelines.

5. System Security Testing and Evaluation (SST&E) Metrics

Gathers insight from the output/results of the following Tenant self assessments:

6. System Test and Evaluation (ST&E) Metrics

Gathers insight from the output/results of the following Tenant self assessments.

Quick Resources

Return to Security and Compliance

Return to Standards Alignment