After an organization’s system has achieved a provisional Authorization to Operate (ATO), there are more than 50 continuous monitoring controls required by FedRAMP to maintain compliance.

Kratos provides continuous monitoring services to help Cloud Service Providers (CSPs) maintain their ATO. Kratos provides on-going continuous monitoring services on a quarterly, annual, or every three- or five-year basis to satisfy FedRAMP requirements.

Continuous Monitoring Services

Kratos services include the mandatory services to be performed by a 3PAO on an annual basis, such as:

• Assessing a subset of controls
• Performing penetration testing
• Scanning operating systems/infrastructure, web applications, and databases
• Assisting in CSP self-attestation, change control, and incident response reporting

Benefits of Continuous Monitoring

• Maintain and simplify compliance on an ongoing basis
• Provide a nearly real-time view of risk versus traditional “point-in-time” legacy risk methods
• Streamline processes for continuous monitoring and security risk assessment
• Automate many manual tasks to reduce time and resource constraints
• Remediate issues proactively rather than waiting for a future assessment to uncover the failure
• Attest to compliance with greater accuracy, reducing threats, breaches, and audits
• Identify and mitigate risk by significantly reducing vulnerability exploitation time windows