Matthew Goodrich Eyes ‘Risk-Based’ Model for FedRAMP’s CDM Portion

Matthew Goodrich, director of the Federal Risk and Authorization Management Program, said in an interview with FCW published Thursday that he wants to shift FedRAMP’s continuous monitoring of computer systems to a “more risk-based” approach.

Goodrich told FCW that the continuous monitoring functions within FedRAMP are “solid” but remain based on compliance, Sean Lyngaas reports.

The Office of Management and Budget recommends that agencies move away from compliance-driven monitoring to a risk-based approach, which the Department of Homeland Security seeks to have with its Continuous Diagnostics and Mitigation initiative, according to FCW.

Lyngaas cited General Services Administration officials who said the two programs seem aligned, but noted CDM’s complex structure, with its scheduled rollouts and monitoring styles, as a possible challenge to a union with FedRAMP.

The report said Goodrich also cautioned about other concerns that could arise.

“When you’re looking at rolling up reporting into a dashboard with government data, there are a lot of legal and policy and privacy implications for that for private-sector companies versus government assets,” Goodrich told FCW.
