Making FedRAMP ATOs Great with OSCAL and Components
OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts through automated, machine-readable means. Additionally, […]
A New Way to SSP: The Component Definition Approach to Defining Controls
A New Way to SSP: The Component Definition Approach to Defining Controls Guest Post by Johann Dettweiler, CISO, stackArmor Imagine a world where the “say nothing” narrative implementation statements, rampant across the landscape of System Security Plans (SSPs), get replaced by a definitive, understanding of system state to determine the implementation status of controls. For […]
What is FedRAMP POAM? FedRAMP Compliance and Certification Explained
The Federal Risk and Authorization Management Program was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of commercial cloud services by the federal government and contractors supporting agencies. FedRAMP promotes the adoption of secure cloud services by providing a standardized approach to security and risk assessment for cloud technologies […]