Brian Conrad, acting director of the Federal Risk Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls, Federal News Network reported Thursday.
Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.
“We’re ensuring that the controls that are in the baselines are value add, that they are helping with the protect, detect and response [cyber activities] in keeping federal information secure,” he said.
The acting director said his team is applying a threat-based scoring system to evaluate security controls in line with the publication.
Conrad stated that he hopes the threat-based control assessment would help cloud providers and agencies determine which controls must be prioritized in terms of security.