Built on the foundation of a decade of experience working with the General Services Administration (GSA) FedRAMP program and the Federal Information Security Management Act (FISMA), Noblis’ Continuous Monitoring as a Service (CMaaS) is a trusted solution that streamlines and simplifies agency compliance assurance across a portfolio of cloud environments.
As federal agencies acquire cloud services, they need to ensure that cloud service providers (CSPs) comply with FedRAMP security authorization requirements. This includes reviewing and validating CSP vulnerability reports and remediation plans, sharing expectations for annual assessments and confirming the agency’s risk posture remains consistent.
Agencies must establish an incident response and mitigation capability for cloud security incidents, confirm acquisition documentation is up to date and provide an annual assessment for their cloud services to the Federal CIO. To comply with FedRAMP, agencies must continuously monitor their systems. For many agencies, this process is inconsistent, manual, costly or non-existent. CMaaS delivers a managed solution so agencies can focus on other priorities.
CMaaS is an established, comprehensive solution that has helped the FedRAMP Program Management Office scale to the ever-growing volume of security compliance data it must analyze when authorizing cloud solutions for secure use in the federal government. It is based on FedRAMP and NIST requirements (NIST 800-53 controls), and it can be readily adapted to other compliance frameworks.