What the Field CISO Role Looks Like in Practice
Using Phil Venables' Field CISO framework as a lens to describe what the role actually looks like from inside it at Knox Systems, where the product is a FedRAMP shared boundary.
5 posts
Using Phil Venables' Field CISO framework as a lens to describe what the role actually looks like from inside it at Knox Systems, where the product is a FedRAMP shared boundary.
A breakdown of FedRAMP NTC-0009, the outcome of RFC-0024 on machine-readable authorization packages for Rev5, including what changed, the new timelines, and what it means for CSPs, 3PAOs, and agencies.
A hands-on walkthrough of compliance-trestle and AWS Config rules turning your authorization package into a living, automated artifact, and why FedRAMP 20x is moving toward exactly this model.
FedRAMP 20x is the right vision, but the compliance burden didn't disappear; it shifted from analysts to engineers. This post breaks down the integration tax, the GRC engineering skills gap, why 3PAO assessors now need to audit code instead of narratives, and what RFC-0017 actually demands of both sides of the table.
AWS's FedRAMP 20x readiness blog reveals what's really underneath: GRC engineering. Here's why compliance evidence is an engineering byproduct.