Hello all, I am trying to determine if the use of a "compliance process automation tool" (software that is installs on a computer, scans the computer, and collects the scan results to be used as evidence artifacts) should be FedRAMP authorized directly or if the use of a FedRAMP authorized cloud platform like AWS is sufficient.