Discussion about this post

Brian Hierholzer

Chris. Tremendous article. Would love to add that bias in auditing, along with the lack of audit tools that have full independence separated from ops-side (biased) tools, is critical. ZeroBias Auditing is the only way to unlock a cATO by a 3PAO. Ecosystem incompatibility with ops-side compliance/security/config tools balanced by fully independent zero-bias external auditing is the only way to drive risk out of the risk party.

Eric Wood

I’d also like to point out that, under the section on continuous monitoring, the author mentioned AWS Audit Manager as an example offering, but it’s important to know that as of this article being published, AWS Audit Manager is not available in AWS GovCloud.
