HomeGuidesAPI ReferenceChangelog
Guides

Deviations Utility

The Deviations utility supports the FedRAMP deviation process by managing exceptions to standard security controls. It helps document and justify non-compliance due to technical or business constraints, enabling secure and authorized exceptions within cloud environments. Use this utility to automate deviation handling, link directly to issues and POAMs, and streamline FedRAMP reporting.

Suggest Edits

Requesting Deviation

  1. Open or create an Issue in RegScale.
  2. Ensure the Integrations tab includes a valid CVE identifier (enables the CVSS calculator).
  3. In the Utility panel, select Deviations.
  4. Complete the form.
  5. When complete, export the deviations into the FedRAMP-required Excel format.
  6. Include the file in your Continuous Monitoring (ConMon) report submission.

Note: When a CVE ID is provided in the Integrations tab of the POAM form, RegScale automatically pulls CVE scoring data from the National Vulnerability Database.

Updated about 1 month ago