stackArmor, a Tyto Athene Company, Partners with Tenable Cloud Security and Carahsoft to Drive FedRAMP Compliance
FedRAMP authorization to operate for Tenable Cloud Security enables U.S. Federal agencies to secure their cloud infrastructure by exposing and closing security gaps that threaten mission resilience and operational integrity RESTON, Va., Aug. 19, 2025 – stackArmor, a Tyto Athene company and leading provider of security and compliance-focused cloud solutions, made possible the successful listing of […]
Accelerating FedRAMP High ATOs to Address Fast Growing Federal Demand
Federal and Defense agencies are increasingly encouraged to buy the best of breed commercial solutions. Commercial Software-as-a-Service (SaaS) Cloud Service Providers (CSPs) or Independent Software Vendors (ISVs) looking to meet this growing demand must meet the Federal Risk and Authorization Management Program (FedRAMP®) cybersecurity requirements. FedRAMP provides a standardized, reusable approach to security assessment and […]
Enabling FedRAMP 20X with the stackArmor Cyber Maturity Score (TM)
Written by Johann Dettweiler, Chief Information Security Officer, stackArmor Utilizing a “Risk Score” to Inform Risk-based Authorization of FedRAMP Systems That was a mouthful…a lot of words to discuss what is a really interesting topic, and in my opinion, a bit of a “white rabbit” in the compliance and IT security world. With all of […]
FedRAMP: Adapting to a Dynamic Landscape While Balancing Security with Efficiency
The FedRAMP program has successfully enabled commercial cloud computing adoption by Federal and DOD agencies for over 14 years, establishing itself as a cornerstone of secure cloud adoption within the government. Despite recent uncertainties and speculation within the community, it’s important to remember that the program’s fundamental principles remain strong. FedRAMP agency authorizations continue at […]
Making FedRAMP ATOs Great with OSCAL and Components
OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts through automated, machine-readable means. Additionally, […]
A New Way to SSP: The Component Definition Approach to Defining Controls
A New Way to SSP: The Component Definition Approach to Defining Controls Guest Post by Johann Dettweiler, CISO, stackArmor Imagine a world where the “say nothing” narrative implementation statements, rampant across the landscape of System Security Plans (SSPs), get replaced by a definitive, understanding of system state to determine the implementation status of controls. For […]
California’s AI RAMP or FedRAMP for AI?
California’s AI RAMP or FedRAMP for AI?: Urgent need for an actionable and enforceable US safety and security framework for AI California State Bill 1047 was passed today by the Assembly where it heads to the Senate and the Governor’s desk for consideration. SB 1047 is remarkable for the specificity of the governance requirements and […]
Adding GenAI to a FedRAMP Authorized Boundary
The FedRAMP PMO announced the Emerging Technology Prioritization Framework (ETPF) to fast-track AI solutions in code generation, image generation, and chatbots. Cloud service providers (CSP) with existing FedRAMP authorizations can now add OpenAI services to their current Cloud service offerings (CSO). This can be done by following FedRAMP’s prescribed change management process that is often […]
How Much Does FedRAMP Compliance Cost?
FedRAMP compliance costs can be broken up into two parts: 1) initial ATO costs and 2) ongoing authorization or continuous monitoring costs. The initial FedRAMP compliance professional services costs for the most part vary between $250,000 to $750,000 depending on the support required, accreditation level and size of the environment. Generally, speaking FedRAMP compliance costs […]
An Analysis of AI usage in Federal Agencies
Federal Agencies are rapidly deploying and utilization AI/ML technologies to further the mission. This blog attempts to understand the types of AI/ML systems being used by agencies and how best to develop relevant guardrails. OMB’s M-14-10 memo outlines specific requirements that must be met for ensuring Responsible AI deployments. Responsible AI Directives from OMB As […]
Continuous ATO: Going from Authority to Operate (ATO) to Ability to Respond
This white paper explores best practices designed to help reduce the time and cost of ATOs while improving access to risk data using process automation.
FedRAMP ATO Prioritization for Generative AI Cloud Solutions
The US Government is continuing to move rapidly to ensure US competitiveness in the area of Artificial Intelligence (AI). The FedRAMP Program Management Office (PMO) published the Emerging Technology Prioritization Framework (ETPF) in January 2024. The ETPF is designed to help accelerate the availability of FedRAMP accredited Gen AI cloud solutions for federal agencies and […]