ATO as a Service Articles

Know Your Boundary

Do You Know Your RMF Boundaries? The first step in the six step risk management framework (RMF) process is categorizing your system.  The first step in categorizing your system is establishing the system boundary.  The boundaries of your system and how you categorize it will  drive your risk management strategy.  Your risk management strategy in...

What is ATO as a Service™?

The process to obtain a FedRAMP/Risk Management Framework (RMF) Authority To Operate (ATO) is very time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an innovative Software as a Service (SaaS) that expedites FedRAMP/RMF processes, auto-generates authorization package documents, and automates continuous monitoring for your Microsoft Cloud-hosted information systems. cFocus Software has...

RMF, Security Plans, POAMs: All Dynamic

Anyone who has ever used the Risk Management Framework (RMF) in two or more different organizations can attest to how dynamic RMF, Security Plans, and Plans of Action and Milestones (POAMs) are. They are so dynamic, in fact, that no two organizations utilize them the same. That’s one of the things that Information Assurance professionals...

2 Vulnerabilities That Can Affect Your System ATO

The foundation of risk-based cybersecurity using the Risk Management Framework (RMF) is designing, developing and deploying resilient systems.  Resilient systems have the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on your information resources. One of the most important steps toward cyber resilience is practicing good cybersecurity hygiene,...