Deltek's Journey to FedRAMP Moderate Equivalency

I have a surprise for you --- the last GRC Academy podcast!

In this last episode, Michael Greenman from Deltek shares the journey to FedRAMP Moderate Equivalency for Deltek Costpoint GovCon Cloud Moderate (GCC-M).

And let me tell you, it's quite a story: changes in NIST baselines, new policy from the DoW, and lessons learned.

👉 Here are some of the biggest takeaways:

✅ The real-world implications of DoW's equivalency definition
✅ How the absence of continuous monitoring shapes the trust model
✅ How Deltek developed a customer responsibility matrix that reduces friction for their customers
✅ Should the DoW blow up FedRAMP moderate equivalency?

We also discussed improvements that can be made by the DoW, the Cyber AB, and more!

We recorded this months ago, but this conversation is still very relevant.

On another note, it is kind of surreal to think this is the last episode of the GRC Academy podcast. I hope you've enjoyed watching!!

What were your biggest takeaways? Let me know in the comments.

Follow Michael on LinkedIn:   / michael-greenman-94952a3  

Deltek Costpoint GCC-M: https://www.deltek.com/en/government-...

-----------

Online GRC Training: https://grcacademy.io/courses/?utm_so...

#cmmc

00:00 Beginning
00:22 Michael's Background
02:04 Deltek's CMMC Survey Results
05:19 FedRAMP Moderate Equivalency Journey
10:43 The 100% Compliance Requirement
12:50 Customer Responsibility Matrix
15:40 Sharing the Body of Evidence with Customers
19:29 Challenges with FedRAMP Equivalency
24:35 Pro's of FedRAMP Equivalency
26:46 Con's of FedRAMP Moderate Equivalency
28:09 Recommendations for FedRAMP Equivalency
31:46 NIST 800-171 Only for CSPs?
33:43 Confusion Around CMMC and Cloud Service Providers
35:33 Conclusion