Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments

Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments
Brian Conrad Acting Director FedRAMP

Brian Conrad, acting director of the Federal Risk Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls, Federal News Network reported Thursday.

Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.

“We’re ensuring that the controls that are in the baselines are value add, that they are helping with the protect, detect and response [cyber activities] in keeping federal information secure,” he said.

The acting director said his team is applying a threat-based scoring system to evaluate security controls in line with the publication.

Conrad stated that he hopes the threat-based control assessment would help cloud providers and agencies determine which controls must be prioritized in terms of security.

You may also be interested in...

Arun Vemury

DHS Hosting Event to Find Next Generation of Facial Recognition Technology; Arun Vemury Quoted

The Department of Homeland Security's Science and Technology (DHS S&T) Directorate will host an event in Sept. 2021 to assess commercially made facial recognition technologies. DHS's Biotechnology Rally will assess how these technologies from different companies perform in different environments and challenging scenarios.