In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future.

Kenny and I dove into a lot of topics, including:

• What FedRAMP is and why it matters
• What FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressing
• The various aspects of FedRAMP 20x, including its phased rollout
• Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
• FedRAMP’s modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMP
• The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC Engineering
• The role of GRC platforms when it comes to modernizing GRC
• What are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD’s SWFT, SRG, and RMF

• Subscribe now