From: Nextgov
By Aaron Boyd
The process is a mix of quick but comprehensive testing up front followed by continuous monitoring through the life of the app.
***
Rather than go through each security control individually, the fast-track process allows project owners to run a penetration test—in which cybersecurity experts attempt to break the system—to establish a security baseline, then incorporate continuous monitoring of those systems going forward to ensure they remain secure.
“It comes down to the premise that RMF is a compliance issue. It doesn’t mean you’re secure, it means you’re compliant,” Konieczny said. “We’re saying, basically, if you want to do a fast ATO, you need to think about looking at some of the controls that you’re going to monitor, doing a pen test and doing continuous monitoring after that. … The pen test will actually answer some of those controls [questions] right away. And it’s a better case because it’s not just compliance anymore, it’s how you operationally put the information out there.”