The latest FedRAMP draft memo from the OMB shakes up quite a bit about the program. While nothing is set in stone, much ink is spilled on what it will mean for the program and participating cloud service providers.
In this article, we will discuss what this new memo says about automation–specifically, how the program will start approaching automation to ensure compliance within its ecosystem of providers.
In a previous article, we discussed penetration testing from the perspective of compliance and cybersecurity. While pen testing is often a core component of most regulations, it’s generally a good practice to consider using outside of just checking compliance boxes. A good way to do that is with a partner that can offer automated penetration testing.
What is automated penetration testing? It’s the use of automation and other cloud tools to perform the basics of a penetration test. Sometimes mistaken for vulnerability scanning, automated penetration tests provide additional insight and continuing coverage that annual pen tests do not.
Compliance and risk management aren’t the same, but they are closely aligned with one another. Companies operating with IT and data-intensive technologies and industries must attend to the reality that risk of breach, damage, or data loss exists in their system and that they will almost always have to manage the balance between optimized business goals and security and compliance requirements.
Risk management, however, can be a simpler and more streamlined process with the use of automated tools. Here, we’ll introduce how automation speaks to risk assessment and management.