Solutions for Markets
FedRAMP Authorization
FedRAMP is moving to an OSCAL based authorization submissions. These submissions will need to offer machine generated deterministic information in the package being submitted. Our platform provides all the tooling and APIs for CSPs to begin converting and submitting in OSCAL format.
DRTConfidence is the only platform that has successfully submitted a complete ATO package in OSCAL format which has been verified by FedRAMP.
FISMA Compliance
Federal Agencies have the opportunity to standardize and automate the generation, review, assessment, authorization and continuous monitoring of all they IT systems. Improve FISMA reporting and FISMA compliance by achieving near real-time view of all authorizations. Automate information flow from OpDivs to Department levels making sure all Risk information if available and acted on in a timely manner.
Contact UsSolutions For Stakeholders
Regulatory Frameworks
Risk Management Framework 800-53 Revision 5 for the commercial sector. This includes support for the FedRAMP RFC024 which will have additional requirements for OSCAL based submissions
Low and Moderate Impact Level Key Security Indicators as per the program requirements are supported. Impact Level High KSI’s are not available at this time.
FedRAMP+ Impact Level 4 & 5 supporting the reciprocity between FedRAMP and DoD.
NIST 800-171 and 800-172 based CMMC baselines for Level 2 and 3 are available at this time.
NIST 800-53 controls with Low, Moderate and High baselines are supported out of the box. Modifications are available for Agency based custom controls.
NIST Cybersecurity Framework (CSF) and 800-218 (SSDF) are available in OSCAL format
Services We Offer
OSCAL Conversion
Convert existing paper based ATO artifacts including SSP, SAP and POA&Ms into OSCAL artifacts leveraging our conversion tools and best practices.
OSCAL Training
An introductory training course for Federal employees to understand how OSCAL works
OSCAL Based Registries
Developing custom control catalogs, common control component definitions, leveraged system component definitions, custom workflow, GSS conversion