
Sign up to save your podcasts
Or


Monthly vulnerability scans and POA&M spreadsheets aren't going to cut it anymore. Kenny and Isaac break down FedRAMP NTC-0014 and CISA BOD 26-04, the two mandates reshaping how cloud service providers approach vulnerability management, and what CSPs need to do before the December 7, 2026 deadline hits.
They cover why AI has fundamentally changed the threat landscape, how tools like Wiz are helping teams understand attack paths instead of just CVE lists, and what the FedRAMP VDR/VER standard actually requires in practice. Plus, why showing red in your trust center might be the best thing you can do for agency confidence.
Resources mentioned:
- FedRAMP NTC-0014 (VDR/VER Mandate): https://www.fedramp.gov/notices/0014/
Learn more about Paramify: https://www.paramify.com/
Chapters:
By ParamifyMonthly vulnerability scans and POA&M spreadsheets aren't going to cut it anymore. Kenny and Isaac break down FedRAMP NTC-0014 and CISA BOD 26-04, the two mandates reshaping how cloud service providers approach vulnerability management, and what CSPs need to do before the December 7, 2026 deadline hits.
They cover why AI has fundamentally changed the threat landscape, how tools like Wiz are helping teams understand attack paths instead of just CVE lists, and what the FedRAMP VDR/VER standard actually requires in practice. Plus, why showing red in your trust center might be the best thing you can do for agency confidence.
Resources mentioned:
- FedRAMP NTC-0014 (VDR/VER Mandate): https://www.fedramp.gov/notices/0014/
Learn more about Paramify: https://www.paramify.com/
Chapters: