Introduction As information is increasingly accessible online, the number of cybersecurity attacks, threats, and breaches continue to grow. From hackers pretending to be someone else for financial gain to major companies falling victim to ransomware, being able to achieve cyber
Continuous Authorization, or cATO, can mean different things depending on context. In the federal public sector, I’ve encountered numerous strategies and interpretations. Human-Driven Assessments: The Traditional ApproachTraditionally, authorization assessments have been human-driven. We’ve explored continuous approaches, which typically involves increasing
The Federal Risk and Authorization Management Program (FedRAMP) program management office (PMO) recently published a request for quote (RFQ) for a governance risk and compliance (GRC) solution that intends to implement OSCAL (Open Security Controls Assessment Language) and facilitate compliance
I am excited to announce significant updates to the OSCAL Rest OpenAPI Specification and am looking forward to public feedback so we can improve it as a community! This is an open-source specification that freely enables the exchange of OSCAL
