In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program and FedRAMP 20x, and to discuss what public sector cloud compliance looks like moving into the future.
Kenny and I dove into a lot of topics, including:
What FedRAMP is and why it matters
What FedRAMP 20x is and which longstanding challenges with FedRAMP and public sector cloud and compliance it addresses
The various aspects of FedRAMP 20x, including its phased rollout
Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
FedRAMP’s modern vulnerability management approach and how it differs from the way vulnerabilities were historically handled under FedRAMP
The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon) and more for effective GRC Engineering
The role of GRC platforms when it comes to modernizing GRC
What the implications of FedRAMP 20x are for other public sector compliance programs, such as DoD’s SWFT, SRG and RMF