Sorting through myriad compliance acronyms

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne

The COVID-19 crisis has made one concept abundantly clear: The federal government must move to the cloud securely. That rather obvious statement is supported by myriad confusing compliance acronyms: ATO, FedRAMP, Cloud Computing Security Guidelines, CMMC, ad infinitum, ad nauseum.

Head shot of Steven Boberski
Steven Boberski, vice president, Business Development, collab9

Most humans have a limit to the knowledge they have in understanding any amount of this alphabet soup.  Steven Boberski is the vice president of Business Development at Collab9  and has been in the compliance trenches for 20 years. He joined host John Gilroy on this week’s Federal Tech Talk and brought some clarification to these confusing issues.

During the interview Boberski gave an overview as well as provided some details. He differentiated Authority to Operate (ATO) and ATO against a service.  He gave more information when it comes to understanding an audit.  He gave the listener a better understanding of an initial audit, continuous monitoring, and a major change audit.

When it comes to compliance, one difficulty arises when you try to compare varying cybersecurity standards.  For example, Boberski talked about the way to compare the relatively new CMMS levels with the already existing DoD levels like Impact Level 2.

Related Stories


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators. Follow John on Twitter. Subscribe on Apple Podcasts or Podcast One.

Sign up for breaking news alerts