FedRAMP Continuous Monitoring and Ongoing Authorization

Ensure You Are Maintaining Compliance With FedRAMP Requirements

Continuous monitoring (ConMon) is an important part of any organization’s FedRAMP compliance toolkit, helping you gauge the health of your organization’s security posture and ensuring security controls remain effective and adequate over time. Failure to meet FedRAMP ConMon requirements initiates an escalation process, which could result in a suspension or revocation of your authorization to operate (ATO).

As a cloud service provider (CSP), the security posture of your organization’s systems can change at any time due to changes in the hardware or software on your offering, or due to the discovery and provocation of new exploits. Aquia’s ConMon services help to detect any changes to your organization’s security posture over time, enabling you to make well-informed risk-based decisions.

Maintaining FedRAMP authorization requires continuous monitoring of three key process areas: operational visibility, change control, and incident response.

ConMon takes place on an ongoing, monthly, and annual basis and includes:

  • Thoroughly reviewing security policies, planning activities, and security procedures and processes to ensure they are up-to-date and relevant. 

  • Tracking incident handling activities, including the maintenance of incident records, reporting of incidents, and timely response to incidents. 

  • Reviewing scan results from infrastructure, operating systems, web applications, and databases on a regular basis to detect any vulnerabilities or potential threats.

  • Monitoring changes to the system’s security posture that may occur due to changes in hardware or software on the cloud service offering or due to the discovery and provocation of new exploits.

  • System Monitoring; Level 1 Support

    Incident Reporting Support

    Audit Log Review

    Security, Advisory, and Directive Monitoring

    Audit Log Review, Analysis, and Reporting

    High Vulnerability Identification and Indicator of Compromise Review

    File Integrity Monitoring Alerts

    Malicious Code Protection Alerts

    New Asset Discovery

    Change Control Support and Management

    Asset Deployment Support

    Access Management

    Traffic Flow Exception Management

  • Vulnerability Scanning, Analysis, and Tracking

    FedRAMP Reporting

    Port, Protocol, Services, and Function Management

    Physical Access Log Review

    Public Content Review

    Developer and Integrator Reviews

    Temporary Account Reviews

  • Policy and Procedure Review

    Annual Assessment Support

    Account Recertification

    Security Awareness Training

    Auditable Event Review

    Baseline Configuration Review

    Configuration Management Plan

    Contingency Plan Review and Update

    IR Plan Review and Update

    System Security Plan Review and Update

    Contingency Plan Training and Testing

    IR Plan Training and Testing

    Physical Access Authorization Review

    Access Agreement Review and Update

    Position Risk Designation Review

Talk to an Expert

We’re here to help you ensure you are maintaining compliance with FedRAMP requirements and would be happy to answer any questions you have. Fill out the form and our team will be in touch soon!
