Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments

1 min read
Brian Conrad
Brian Conrad Acting Director FedRAMP

Brian Conrad, acting director of the Federal Risk Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls, Federal News Network reported Thursday.

Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.

“We’re ensuring that the controls that are in the baselines are value add, that they are helping with the protect, detect and response [cyber activities] in keeping federal information secure,” he said.

The acting director said his team is applying a threat-based scoring system to evaluate security controls in line with the publication.

Conrad stated that he hopes the threat-based control assessment would help cloud providers and agencies determine which controls must be prioritized in terms of security.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Government Technology

Become a Registered Reader
Register to enjoy unlimited access to articles, interviews, and invaluable govcon content. You'll also receive our daily briefing straight to your inbox.

This will close in 0 seconds