ArcGIS Online recently announced it was FedRAMP moderate compliant. Has anyone inquired as to whether they will comply "with requirements in paragraphs (c) through (g) of this clause for cyber incident reporting, malicious software, media preservation and protection, access to additional information and equipment necessary for forensic analysis, and cyber incident damage assessment" so that it is possible to use it for CUI?