ConMon can be labor intensive and the data can be hard to analyze across vendors. At the FedRAMP PMO, we’ve normalized this data and have developed standardized reports and POA&Ms for the JAB P-ATOs we maintain. Since this information is in the same format for every provider, it makes it easier to consume.
In an effort to help agencies authorize and maintain CSP authorizations, the FedRAMP PMO launched a pilot in November 2015 to gauge the feasibility and scalability of leveraging this same process for agencies. The pilot’s aim is to roll this process out for all FedRAMP ATOs being used by multiple agencies. The pilot will go through the winter and at the end of the pilot the PMO will analyze the results and determine if this is a service we can offer to all FedRAMP ATOs.
The PMO extends a big thanks to the Continuous Monitoring four participants: