The OSCAL Native Authorization Platform

Hosted in a FedRAMP High Government Community Cloud, DRTConfidence provides Governance, Risk, and Compliance (GRC) management capabilities in a standardized OSCAL machine-readable format.

Integrations with your cloud platform allow automation of evidence collection, compliance documentation, risk management, and authorization activities.

Integrated Compliance Ecosystem

A fully integrated platform that allows all stakeholders to exchange compliance information via a standardized dataset.
Delivers a high level of automation and reduces a significant amount of manual effort.
Overall Architecture

Compliance Automation

Component Definitions

Develop a detailed representation of your cloud platform in a component-based model. The component model should include all technical, operational, policy, and procedural aspects of your cloud platform.

Cloud-based discovery tools can now provide a machine-generated, deterministic view of the cloud platform architecture.

A component-centric view of the system, rather than a control-centric one, helps reviewers better understand the security posture.

API Based Integrations

Integration with discovery and scan tools allows you to provide inventory, vulnerability, encryption, findings, evidence, and POA&M details directly to our GRC platform for analysis and transmission to the authorizing officials.

This helps you meet the emerging requirements around delivering machine-generated, deterministic telemetry for various continuous monitoring programs.

Near real-time telemetry is provided, eliminating Excel sheets and manual work.

Determine Risk Scores Based on Trained ML Models

Leverage your historical risk data to train ML models, and determine risk scores with 95% accuracy. ML models are automatically retrained using the ‘sliding window’ algorithm on a periodic basis, ensuring that the risk scores reflect the most current technical posture of the system.

Prioritize high risk assets automatically, optimizing resource allocation

Enforce Compliance Standards Using Validation Rules

Automated verification and built-in checks for OSCAL allowed values, FedRAMP and agency validations, business rules, custom validations, and schema validation mean that your team can successfully submit an error-free ATO package and expedite the review process.

Reduce authorization time by eliminating back-and-forth on document quality issues.

Package and Transmit

Select all the documents that are to be submitted – SSP, SAP, SAR, POA&M, Attachments, Scans and Evidence artifacts. Select the Authorizing Official that is to receive the package.

A package is prepared and transmitted in standard OSCAL format and delivered to the Authorizing Official via an API.

Eliminate shared drives and manual effort on basic transfer steps.

Authorization Analytics

Authorizing officials can receive ATO and monthly ConMon packages in OSCAL format over an API, unpack the documents, and automatically run various analytics to create actionable information.

This significantly reduces the time to action for critical issues, provides deeper visibility into enterprise risks, and eliminates the manual effort of managing Word- and Excel-based documents.

Achieve automatic authorizations where applicable.

Maintain Data Integrity for All Compliance Artifacts

Extend your OSCAL documentation with additional layers of validation and extension to remain fully compliant with FedRAMP and other frameworks. No matter what compliance stage you are at, our platform automatically populates SSP, SAP, and SAR with the required information from upstream documents so your team is ready to work immediately.

Feature Rich Platform

Workflows

Pre-defined and custom workflows are available for multiple stakeholders to collaborate on artifacts such as the PIA, BIA, and Control Information, among others.

Dashboards

Numerous dashboards are available to get a high-level view of work status, with drill-down capability to access information that needs to be addressed.

Task Based Collaboration

Our workflows automatically create tasks that can be assigned and managed via dashboards, allowing for better work management.

Click to Print

All OSCAL-based documents can be printed in a standardized template that meets the requirements of FedRAMP and other frameworks.

Content Repository

Upload policies, procedures, scans, plans, evidence, and other documents that need to be submitted along with the SSP, SAP, SAR, and POA&M.

Pre-loaded Data Sets

Threat Catalog, CVEs, 800-60 information types, FIPS-199 categorization, IANA ports and protocols list, and other datasets are pre-loaded and available in various modules.

Platform Options to Get You Started

Deployment Models That Work For You

Two different SaaS hosting models to deliver affordable solutions to small and large enterprises.

Multitenant

Our multitenant environment offers everything you need for one authorization package, including SSP generation, SAP review, SAR review, and POA&M generation, at an affordable price.

Dedicated

A private cloud instance where your team gets more custom features and integrations, and can manage its ATO package submission with multiple regulatory frameworks in a controlled manner.
