Security isn’t something you implement once and leave alone. It’s a mindset, an operation, and an ongoing policy. Security frameworks like FedRAMP require a process called continuous monitoring in order to remain valid. The world of information threats is constantly evolving. Technology grows, changes, and improves, but with those changes come new vectors for intrusion,…
Category: FedRAMP
Blog, FedRAMP, Global Security News, OMB, OSCAL, Security Bloggers Network
Making FedRAMP ATOs Great with OSCAL and Components
OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts through automated, machine-readable means. Additionally,…