
Matthew Goodrich Eyes ‘Risk-Based’ Model for FedRAMP’s CDM Portion


Matthew Goodrich, director of the Federal Risk and Authorization Management Program, said in an interview with FCW published Thursday that he wants to move FedRAMP’s continuous monitoring of computer systems toward a “more risk-based” approach.

Goodrich told FCW that the continuous monitoring functions within FedRAMP are “solid” but remain based on compliance, Sean Lyngaas reports.

The Office of Management and Budget recommends that agencies move away from compliance-driven monitoring to a risk-based approach, which the Department of Homeland Security seeks to achieve with its Continuous Diagnostics and Mitigation initiative, according to FCW.

Lyngaas cited General Services Administration officials who said the two programs seem aligned, but noted CDM’s complex structure, with its scheduled rollouts and monitoring styles, as a possible challenge to a union with FedRAMP.

The report said Goodrich also cautioned against other concerns that could arise.

“When you’re looking at rolling up reporting into a dashboard with government data, there are a lot of legal and policy and privacy implications for that for private-sector companies versus government assets,” Goodrich told FCW.
