FedRAMP Continuous Monitoring and Ongoing Authorization
Ensure You Are Maintaining Compliance With FedRAMP Requirements
Continuous monitoring (ConMon) is an important part of any organization’s FedRAMP compliance toolkit, helping you gauge the health of your organization’s security posture and ensuring security controls remain effective and adequate over time. Failure to meet FedRAMP ConMon requirements initiates an escalation process, which could result in a suspension or revocation of your authorization to operate (ATO).
As a cloud service provider (CSP), the security posture of your organization’s systems can change at any time due to changes in the hardware or software on your offering, or due to the discovery and provocation of new exploits. Aquia’s ConMon services help to detect any changes to your organization’s security posture over time, enabling you to make well-informed risk-based decisions.
Maintaining FedRAMP authorization requires continuous monitoring of three key process areas: operational visibility, change control, and incident response.
ConMon takes place on an ongoing, monthly, and annual basis and includes:
Thoroughly reviewing security policies, planning activities, and security procedures and processes to ensure they are up-to-date and relevant.
Tracking incident handling activities, including the maintenance of incident records, reporting of incidents, and timely response to incidents.
Scanning results from infrastructure, operating systems, web applications, and databases on a regular basis to detect any vulnerabilities or potential threats.
Monitoring changes to the system’s security posture that may occur due to changes in hardware or software on the cloud service offering or due to the discovery and provocation of new exploits.
Ongoing
System Monitoring; Level 1 Support
Incident Reporting Support
Audit Log Review
Security, Advisory, and Directive Monitoring
Audit Log Review, Analysis, and Reporting
High Vulnerability Identification and Indicator of Compromise Review
File Integrity Monitoring Alerts
Malicious Code Protection Alerts
New Asset Discovery
Change Control Support and Management
Asset Deployment Support
Access Management
Traffic Flow Exception Management
Monthly
Vulnerability Scanning, Analysis, and Tracking
FedRAMP Reporting
Port, Protocol, Services, and Function Management
Physical Access Log Review
Public Content Review
Developer and Integrator Reviews
Temporary Account Reviews
Annual
Policy and Procedure Review
Annual Assessment Support
Account Recertification
Security Awareness Training
Auditable Event Review
Baseline Configuration Review
Configuration Management Plan
Contingency Plan Review and Update
IR Plan Review and Update
System Security Plan Review and Update
Contingency Plan Training and Testing
IR Plan Training and Testing
Physical Access Authorization Review
Access Agreement Review and Update
Position Risk Designation Review