Continuous monitoring (ConMon) ensures CSPs continuously maintain the security of their FedRAMP Authorized systems by providing the Joint Authorization Board (JAB) and authorizing officials (AOs) monthly insight into the security posture of the system. CSP scanning policies, procedures, and tools (including vulnerability scanners) are key components to ConMon activities. In an effort to increase the efficiency and effectiveness of ConMon activities, the FedRAMP Program Management Office (PMO) provides guidance for scanning requirements. This document summarizes those requirements.