FedRAMP 20x Phase 2 Pilot Proposal: Paramify

Paramify's FedRAMP 20x Phase 2 Pilot Proposal: How the OG Addresses Solutions for 100+ NEW (and not so easy!) Security Requirements

Watch Paramify's proposal for the FedRAMP 20X Phase 2 Pilot as they outline their strategy for addressing over 100 new security requirements.


Key Highlights
=========================================================

Paramify's Risk Profile Approach: How the platform uses six distinct categories, including solution-specific and organizational resolutions, to establish a complete and accurate risk profile.
Component Inheritance: A demonstration of how implemented risk solutions—like an IT stack deploying Octa—can be inherited by other product teams to simplify compliance and define residual responsibilities.
Automated Validation and Evidence Collection: The shift from self-attestation to evidence-based status tracking, featuring automated validation rules and machine-readable evidence sets delivered via API.
Future Trust Center Integration: Plans to link assessment files with a Trust Center to provide granular, continuous visibility into compliance status, moving beyond "all-green" reporting.
3PAO Assessment Perspective: Details their 20x assessment approach, focusing on completeness, accuracy, and timeliness, with a target of 70% automation for Key Security Indicators (KSIs).
Paramify as "Customer Zero": Paramify's own adoption of its platform for its Phase 2 authorization, centralizing compliance management and ensuring evidence is the true source of truth.
============================================================

Speakers:
Elisha "Emu" Crowe (FedRAMP)
Jorden Foster (Coalfire)
Isaac Teuscher (Paramify)
Kenny Scott (Paramify)
Mike Schreiner (Paramify)
Pete Waterman (FedRAMP)
Ryan Hoesing (FedRAMP)
============================================================
Learn more about the FedRAMP 20x Phase 2 Pilot: https://www.fedramp.gov/20x/phase-two/

Be a part of the Phase 2 Pilot Q&A discussion: https://www.fedramp.gov/20x/phase-two/

#FedRAMP #CloudSecurity #Automation #ContinuousMonitoring #DevSecOps #Cybersecurity