Modernizing the ATO Process: Cut Red Tape and Secure the Mission

Cutting Red Tape, Securing the Mission: Why Faster ATOs Matter. Featured in PSC Contractor Magazine – Fall 2025. By Gaurav “GP” Pal, CEO and Founder, stackArmor, a Tyto Athene Company. Federal agencies and contractors dedicate millions of hours each year navigating the Risk Management Framework (RMF) and Authority to Operate (ATO) process—essential for security, but often […]
How to do FedRAMP the Wrong Way

How to do FedRAMP the Wrong Way A lovingly sarcastic field guide to burning time, money, and morale Let’s start with the myth that refuses to die: FedRAMP ATOs take 18–24 months and cost $3–5M. If you follow the classic FedRAMP advisory playbook, sure. You’ll spend months on a gap assessment, commission a reference architecture […]
Hey MSPs: Why FedRAMP Moderate Equivalency Beats Bare-Minimum CMMC

Implementing CMMC? Think FedRAMP Moderate Equivalent Instead. Hey MSPs – You Should Aim Higher Than Bare-Minimum CMMC. Go Full FedRAMP Moderate Equivalent. Be Brave! The Pentagon finally dropped the other shoe. With the Defense Federal Acquisition Regulation Supplement (DFARS) amendment now posted for public inspection, CMMC requirements officially land in DoD contracts on November […]
Armory20x: Accelerating FedRAMP AI Prioritization for ISVs

Armory20x: The Shortcut AI ISVs Need for FedRAMP AI Prioritization Independent Software Vendors (ISVs) building with AI are in a mad dash to reach the top. Every week brings a new foundation model, a new vector database, a new “copilot for X.” Investors want it FedRAMP authorized yesterday so you can sell to agencies […]
stackArmor, a Tyto Athene Company, Partners with Tenable Cloud Security and Carahsoft to Drive FedRAMP Compliance

FedRAMP authorization to operate for Tenable Cloud Security enables U.S. Federal agencies to secure their cloud infrastructure by exposing and closing security gaps that threaten mission resilience and operational integrity RESTON, Va., Aug. 19, 2025 – stackArmor, a Tyto Athene company and leading provider of security and compliance-focused cloud solutions, made possible the successful listing of […]
Accelerating FedRAMP High ATOs to Address Fast Growing Federal Demand

Federal and Defense agencies are increasingly encouraged to buy the best of breed commercial solutions. Commercial Software-as-a-Service (SaaS) Cloud Service Providers (CSPs) or Independent Software Vendors (ISVs) looking to meet this growing demand must meet the Federal Risk and Authorization Management Program (FedRAMP®) cybersecurity requirements. FedRAMP provides a standardized, reusable approach to security assessment […]
Enabling FedRAMP 20X with the stackArmor Cyber Maturity Score (TM)

Written by Johann Dettweiler, Chief Information Security Officer, stackArmor Utilizing a “Risk Score” to Inform Risk-based Authorization of FedRAMP Systems That was a mouthful…a lot of words to discuss what is a really interesting topic, and in my opinion, a bit of a “white rabbit” in the compliance and IT security world. With all of […]
FedRAMP: Adapting to a Dynamic Landscape While Balancing Security with Efficiency

The FedRAMP program has successfully enabled commercial cloud computing adoption by Federal and DOD agencies for over 14 years, establishing itself as a cornerstone of secure cloud adoption within the government. Despite recent uncertainties and speculation within the community, it’s important to remember that the program’s fundamental principles remain strong. FedRAMP agency authorizations continue at […]
Making FedRAMP ATOs Great with OSCAL and Components

OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts through automated, machine-readable means. Additionally, […]
A New Way to SSP: The Component Definition Approach to Defining Controls

A New Way to SSP: The Component Definition Approach to Defining Controls. Guest Post by Johann Dettweiler, CISO, stackArmor. Imagine a world where the “say nothing” narrative implementation statements, rampant across the landscape of System Security Plans (SSPs), get replaced by a definitive understanding of system state to determine the implementation status of controls. For […]
California’s AI RAMP or FedRAMP for AI?

California’s AI RAMP or FedRAMP for AI?: Urgent need for an actionable and enforceable US safety and security framework for AI California State Bill 1047 was passed today by the Assembly where it heads to the Senate and the Governor’s desk for consideration. SB 1047 is remarkable for the specificity of the governance requirements and […]
Adding GenAI to a FedRAMP Authorized Boundary

The FedRAMP PMO announced the Emerging Technology Prioritization Framework (ETPF) to fast-track AI solutions in code generation, image generation, and chatbots. Cloud service providers (CSP) with existing FedRAMP authorizations can now add OpenAI services to their current Cloud service offerings (CSO). This can be done by following FedRAMP’s prescribed change management process that is often […]
How Much Does FedRAMP Compliance Cost?

FedRAMP compliance costs can be broken up into two parts: 1) initial ATO costs and 2) ongoing authorization or continuous monitoring costs. The initial FedRAMP compliance professional services costs for the most part vary between $250,000 and $750,000 depending on the support required, accreditation level and size of the environment. Generally speaking, FedRAMP compliance costs […]
An Analysis of AI usage in Federal Agencies

Federal Agencies are rapidly deploying and utilizing AI/ML technologies to further the mission. This blog attempts to understand the types of AI/ML systems being used by agencies and how best to develop relevant guardrails. OMB’s M-14-10 memo outlines specific requirements that must be met for ensuring Responsible AI deployments. Responsible AI Directives from OMB As […]
Continuous ATO: Going from Authority to Operate (ATO) to Ability to Respond

This white paper explores best practices designed to help reduce the time and cost of ATOs while improving access to risk data using process automation.
FedRAMP ATO Prioritization for Generative AI Cloud Solutions

The US Government is continuing to move rapidly to ensure US competitiveness in the area of Artificial Intelligence (AI). The FedRAMP Program Management Office (PMO) published the Emerging Technology Prioritization Framework (ETPF) in January 2024. The ETPF is designed to help accelerate the availability of FedRAMP accredited Gen AI cloud solutions for federal agencies and […]
stackArmor’s ThreatAlert ATO® Accelerator Supports NIH AIM-AHEAD Program

Solution enables underrepresented communities greater access to AI/ML research capabilities MCLEAN, Va.–(BUSINESS WIRE)–stackArmor, a leading provider of cloud, security and compliance acceleration solutions for meeting FedRAMP, FISMA and CMMC 2.0, today announced it has been supporting Dr. Paul Avillach, one of the Multiple Principal Investigators of the National Institutes of Health (NIH)’s Artificial Intelligence/Machine Learning […]
GAO Report Details FedRAMP ATO Challenges and Costs

The US Government Accountability Office (GAO) released a report on The Federal Risk and Authorization Management Program (FedRAMP®). The 37-page report provides highly relevant insights to both agencies and commercial organizations pursuing FedRAMP accreditations or ATOs. Highlights from the report are presented below. Key Challenges Faced by Agencies and Cloud Service Providers (CSP) Receiving timely responses […]
FedRAMP and Federal Cybersecurity Market Roundup October 2023

October was a busy month for FedRAMP. From Federal Secure Cloud Advisory Committee (FSCAC) meetings to an automation overhaul, there were a slew of activities aiming to further prepare the program for the future it faces and will need to serve. Developing the Next Generation of FedRAMP The push to really explore FedRAMP’s upcoming chapter […]
Accelerating FedRAMP ATOs: OMB Memo

The Office of Management and Budget (OMB) released a Draft Memorandum for Modernizing the Federal Risk and Authorization Management Program (FedRAMP) on Friday, Oct 27, 2023. FedRAMP was codified in 2022 when Congress passed the FedRAMP Authorization Act (“Act”). The Act established FedRAMP within the General Services Administration (GSA) and created a FedRAMP Board to […]
FedRAMP and Federal Cybersecurity Market Roundup September 2023

It’s been a few weeks now since Carahsoft’s FedRAMP Headliner Summit, but there is no shortage of moments to recall from it. For instance, Robert Costello commemorated his two-year anniversary as CIO at the Cybersecurity and Infrastructure Security Agency (CISA) during the event. While speaking on his role, he explained the difference that has unfolded, […]
Looking Forward to the GovForward FedRAMP Headliner Summit

What’s the cloud hanging over cloud service providers’ heads? The rapidly evolving threat landscape. It’s challenging to keep up with the pace and scale of risk, which is especially true when you are working with clients as essential as federal government agencies. Therefore, it’s critical to not only maintain cyber hygiene, but to anticipate what’s […]
FedRAMP and Federal Cybersecurity Market Roundup August 2023

If federal cybersecurity were a play, regulatory programs such as FedRAMP would be like the directors helping to guide all of the participating actors to properly execute their parts and bring the vision to life. And with the spotlight growing brighter due to the mass digital migration, evolving tech landscape, and expanding threat environment, they recently […]
Securing an Agency Sponsor for FedRAMP Agency-Sponsored ATO

Obtaining a mandated Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO) is increasingly important for Cloud Service Providers (CSPs) who wish to make Cloud Service Offerings (CSOs) available to federal government agencies. The FedRAMP Authorization Act codifies the security and compliance requirements for commercial CSPs as they increasingly shift away from on-prem […]