5 Comments

Chris, tremendous article. I would love to add that bias in auditing, along with the lack of audit tools that have full independence from ops-side (biased) tools, is critical. ZeroBias Auditing is the only way to unlock a cATO by a 3PAO. Ecosystem incompatibility with ops-side compliance/security/config tools, balanced by fully independent zero-bias external auditing, is the only way to drive risk out of the risk party.

I’d also like to point out that, under the section on continuous monitoring, the author mentions AWS Audit Manager as an example offering, but it’s important to know that, as of this article being published, AWS Audit Manager is not available in AWS GovCloud.

This is an excellent article that is full of insights and valuable references to go and explore. I do wish that some of the more reputable FedRAMP-in-a-Box platform accelerators had been mentioned, rather than simply being told to beware of their promises... which is always the case.
