September 14, 2023

Automation of FedRAMP ATO assessments using ServiceNow

FedRAMP was codified in Dec. 2022 and mandates that the 438 US Federal agencies use cloud service providers (CSPs) that are FedRAMP Authorized to Operate (ATO) and listed in the FedRAMP Marketplace.

Join ServiceNow and SecurityBricks, a FedRAMP 3PAO, to see their FedRAMP accelerator in action. This out-of-the-box solution was designed specifically to meet the FedRAMP NIST 800-53 Rev 5 controls using the Continuous Authorization Monitoring (CAM) app. The SecurityBricks solution combined with the FedRAMP accelerator, available on the ServiceNow Store, will provide evidence for 50% of controls and automate another 30% with automated evidence collection.

In this session, we’ll discuss:

  • The CAM app: authorization boundaries and asset inventory, including development of ATO artifacts like the System Security Plan (SSP) and POA&M
  • Assigning NIST 800-53 questionnaires to all in-scope stakeholders, monitoring responses, and tracking progress toward compliance
  • Automated indicator templates and connectors to Azure Defender and AWS Security Hub
  • The accelerator including inherited controls from AWS and Azure
  • Continuous monitoring reporting requirements for FedRAMP ATO