ATO Articles

Azure Services That Are FedRAMP-Certified

Microsoft is a leader in FedRAMP certified services–as of September 2017, Microsoft offers 12 services in Azure (the commercial version) that are FedRAMP-certified at the Moderate Impact Level, and 32 services in Azure Government that are FedRAMP-certified at the High Impact Level. Additionally, Azure and Azure Government have both earned P-ATOs from the FedRAMP Joint...

What is ATO as a Service™ for Office 365?

The process to obtain a Office 365 FedRAMP ATO is time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an exclusive Software as a Service that automates FedRAMP processes, and shortens FedRAMP ATO timeframes for Office 365 government subscriptions. cFocus Software has partnered with Microsoft Corporation to develop ATO as a Service™, allowing...

What is ATO as a Service™ for Azure?

The process to obtain an Azure FedRAMP ATO is time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an exclusive Software as a Service that automates FedRAMP processes, and shortens FedRAMP ATO timeframes for information systems hosted in the Azure Government Cloud. cFocus Software has partnered with Microsoft Corporation to develop the offering,...

FedRAMP Weekly Tips – June 8 2017

This week, FedRAMP published a weekly tip that addresses applying for an Agency High Baseline Authorization and an RAR Federal Mandate that is often overlooked: Q: What are some frequently asked questions for CSPs who currently hold an Agency Authorization to Operate (ATO) at the Moderate level, but wish to apply for an Agency High...

RMF, Security Plans, POAMs: All Dynamic

Anyone who has ever used the Risk Management Framework (RMF) in two or more different organizations can attest to how dynamic RMF, Security Plans, and Plans of Action and Milestones (POAMs) are. They are so dynamic, in fact, that no two organizations utilize them the same. That’s one of the things that Information Assurance professionals...

2 Vulnerabilities That Can Affect Your System ATO

The foundation of risk-based cybersecurity using the Risk Management Framework (RMF) is designing, developing and deploying resilient systems.  Resilient systems have the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on your information resources. One of the most important steps toward cyber resilience is practicing good cybersecurity hygiene,...