Press Release (ePRNews.com) - SCOTTSDALE, Ariz. - Dec 06, 2017 - Continuum GRC’s IT Audit Machine (ITAM) is putting FedRAMP compliance within the reach of more cloud service providers (CSPs), the company announced today.
The Federal Risk and Authorization Management Program (FedRAMP) supports the federal government’s “cloud-first” initiative by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All CSPs that work with U.S. federal agencies must comply with FedRAMP. However, the FedRAMP compliance process is long and arduous, and the costs can be extraordinarily high.
“The total median cost to achieve FedRAMP certification is over $2.2 million,” explains Michael Peters, CEO of Continuum GRC. “We feel those costs shut out most CSPs, which is a shame, because the U.S. government is the biggest single buyer of goods and services in the world.”
The cloud-based ITAM addresses this problem by helping organizations prepare effectively for a FedRAMP audit, reducing the cost of getting ready to engage a third-party assessment organization (3PAO). Before a 3PAO can assess a CSP, the cloud provider must prepare its own System Security Plan (SSP). The SSP is the central document in which the CSP describes every security control in use on the information system and how each control is implemented.
“3PAOs are prohibited from helping a CSP put together an SSP, then assessing that same organization,” Peters notes. “The CSP must put together this rather onerous report on their own. The easy-to-use, drag-and-drop FedRAMP SSP module makes the process quick and relatively painless, while saving the CSP a lot of money. While individual results vary, some CSPs can cut their FedRAMP certification expenses by up to 1000 percent.”
By integrating IT governance, policy management, risk management, compliance management, audit management, and incident management, ITAM also allows CSPs to maintain their FedRAMP compliance going forward.
“The costs of FedRAMP certification don’t stop after the initial audit. CSPs spend about $1 million a year on continuous monitoring to maintain their certification,” explains Peters. “In today’s complex data environments, it’s impossible to perform this monitoring manually. ITAM automates this process as well, again saving CSPs a lot of money, time, and worries.”