Sorting through myriad compliance acronyms

This week on Federal Tech Talk, Collab9 Vice President Steven Boberski joined host John Gilroy for a wide ranging discussion on FedRAMP, Cloud Computing Securit...


The COVID-19 crisis has made one concept abundantly clear: The federal government must move to the cloud securely. That rather obvious statement is supported by myriad confusing compliance acronyms: ATO, FedRAMP, Cloud Computing Security Guidelines, CMMC, ad infinitum, ad nauseam.


Most people can absorb only so much of this alphabet soup. Steven Boberski is the vice president of Business Development at Collab9 and has been in the compliance trenches for 20 years. He joined host John Gilroy on this week’s Federal Tech Talk and brought some clarification to these confusing issues.

During the interview, Boberski gave an overview and filled in some details. He differentiated between an Authority to Operate (ATO) and an ATO against a service. He also went into what an audit involves, giving listeners a better understanding of an initial audit, continuous monitoring, and a major change audit.

When it comes to compliance, one difficulty arises when you try to compare varying cybersecurity standards. For example, Boberski talked about how to compare the relatively new CMMC levels with existing DoD levels such as Impact Level 2.
