Modernizing the ATO Process: Cut Red Tape and Secure the Mission

Cutting Red Tape, Securing the Mission: Why Faster ATOs Matter. Featured in PSC Contractor Magazine – Fall 2025. By Gaurav “GP” Pal, CEO and Founder, stackArmor, a Tyto Athene Company. Federal agencies and contractors dedicate millions of hours each year navigating the Risk Management Framework (RMF) and Authority to Operate (ATO) process—essential for security, but often […]

How to do FedRAMP the Wrong Way

A lovingly sarcastic field guide to burning time, money, and morale. Let’s start with the myth that refuses to die: FedRAMP ATOs take 18–24 months and cost $3–5M. If you follow the classic FedRAMP advisory playbook, sure. You’ll spend months on a gap assessment, commission a reference architecture […]

Accelerating FedRAMP High ATOs to Address Fast Growing Federal Demand

Federal and Defense agencies are increasingly encouraged to buy best-of-breed commercial solutions. Commercial Software-as-a-Service (SaaS) Cloud Service Providers (CSPs) or Independent Software Vendors (ISVs) looking to meet this growing demand must meet the Federal Risk and Authorization Management Program (FedRAMP®) cybersecurity requirements. FedRAMP provides a standardized, reusable approach to security assessment […]

A New Way to SSP: The Component Definition Approach to Defining Controls

Guest Post by Johann Dettweiler, CISO, stackArmor. Imagine a world where the “say nothing” narrative implementation statements, rampant across the landscape of System Security Plans (SSPs), get replaced by a definitive understanding of system state to determine the implementation status of controls. For […]

California’s AI RAMP or FedRAMP for AI?

Urgent need for an actionable and enforceable US safety and security framework for AI. California State Bill 1047 was passed today by the Assembly, where it heads to the Senate and the Governor’s desk for consideration. SB 1047 is remarkable for the specificity of the governance requirements and […]

Adding GenAI to a FedRAMP Authorized Boundary

The FedRAMP PMO announced the Emerging Technology Prioritization Framework (ETPF) to fast-track AI solutions in code generation, image generation, and chatbots. Cloud service providers (CSPs) with existing FedRAMP authorizations can now add OpenAI services to their current cloud service offerings (CSOs). This can be done by following FedRAMP’s prescribed change management process that is often […]

How Much Does FedRAMP Compliance Cost?

FedRAMP compliance costs can be broken up into two parts: 1) initial ATO costs and 2) ongoing authorization or continuous monitoring costs. The initial FedRAMP compliance professional services costs for the most part vary between $250,000 and $750,000, depending on the support required, accreditation level and size of the environment. Generally speaking, FedRAMP compliance costs […]

Is it time to enforce an Authority-to-Operate (ATO) for Healthcare Organizations?

The Change Healthcare security breach has impacted over 94% of hospitals, as reported by the American Health Association (AHA). A cascading set of events was unleashed, starting with the Feb 21, 2024 announcement of the data breach at Change Healthcare, requiring nearly $2B in advance payments and severely impacting nearly 900,000 physicians, 33,000 pharmacies, 5,500 hospitals […]

FedRAMP ATO Prioritization for Generative AI Cloud Solutions

The US Government is continuing to move rapidly to ensure US competitiveness in the area of Artificial Intelligence (AI). The FedRAMP Program Management Office (PMO) published the Emerging Technology Prioritization Framework (ETPF) in January 2024. The ETPF is designed to help accelerate the availability of FedRAMP accredited Gen AI cloud solutions for federal agencies and […]

stackArmor, Carahsoft partner with University of Utah School of Medicine to Accelerate FISMA ATO for NEMSIS

TYSONS CORNER, Va., Dec. 15, 2023 — stackArmor, Inc., a leading provider of FedRAMP, FISMA, CMMC 2.0, NIST AI RMF and StateRAMP compliance acceleration solutions, and Carahsoft Technology Corp., the Trusted Government IT Solutions Provider®, today announced that it has assisted University of Utah School of Medicine with successfully obtaining a FISMA Moderate ATO for the National Emergency Medical […]

All Eyes on AI: Rising Interest, Regulation, and Compliance Requirements

AI is so much more than a buzz term these days. It is a full-blown technological revolution commanding the attention of industries and sectors across the board. Its surging role is particularly evident in the public sector, where government and federal agencies are flocking to capture the benefits of the emerging tech. Take the […]

Accelerating FedRAMP ATOs: OMB Memo

The Office of Management and Budget (OMB) released a Draft Memorandum for Modernizing the Federal Risk and Authorization Management Program (FedRAMP) on Friday, Oct 27, 2023. FedRAMP was codified in 2022 when Congress passed the FedRAMP Authorization Act (“Act”). The Act established FedRAMP within the General Services Administration (GSA) and created a FedRAMP Board to […]

stackArmor Launches ATO for AI™ Governance Model To Help Public Sector Organizations Safely and Securely Accelerate AI Adoption

Solution receives industry backing with newly established AI Risk Management Center of Excellence (CoE). MCLEAN, Va., September 27, 2023 – stackArmor, the leader in security and compliance acceleration for government organizations, today announced its Approval To Operate (ATO) for AI™ accelerator, which helps public sector and government organizations rapidly implement security and governance controls to […]

Securing an Agency Sponsor for FedRAMP Agency-Sponsored ATO

Obtaining a mandated Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO) is increasingly important for Cloud Service Providers (CSPs) who wish to make Cloud Service Offerings (CSOs) available to federal government agencies. The FedRAMP Authorization Act codifies the security and compliance requirements for commercial CSPs as they increasingly shift away from on-prem […]

Navigating a JAB Provisional ATO (P-ATO)

Achieving a FedRAMP Authority to Operate (ATO) is a mandatory requirement for cloud service offerings (CSOs) that hold federal data. If you have software (or infrastructure or a platform) that is offered as-a-service and government agencies are your target customers, your cloud offering will be required to obtain and maintain a FedRAMP P-ATO. An ATO […]

FedRAMP Releases Updates to ATO Requirements based on NIST SP 800-53 Rev 5 for Public Review

The FedRAMP Program Management Office (PMO) at the General Services Administration (GSA) released the updated controls baselines based on NIST SP 800-53 Rev 5. The FedRAMP Security Assessment Framework (SAF) is based on the National Institute of Standards and Technology’s (NIST) Special Publication [SP] 800-53 Rev 4. FedRAMP is expected to migrate to NIST SP […]