FedRAMP Continuous Monitoring & ConMon Support
Engagement Type: FedRAMP Continuous Monitoring (ConMon)
Client: FedRAMP Authorized Cloud Service Provider
Engagement Start: January 2023
Engagement Type: Ongoing Annual Retainer
Framework: FedRAMP Moderate / NIST SP 800-137
A cloud service provider with an existing FedRAMP Moderate ATO engaged Krieger Security to manage their ongoing Continuous Monitoring (ConMon) obligations. The client’s internal team lacked the bandwidth and expertise to maintain FedRAMP ConMon requirements, including monthly vulnerability reporting, POA&M management, and incident reporting — placing their authorization status at risk.
Krieger Security’s ConMon managed service keeps authorized providers continuously compliant with FedRAMP reporting requirements, protecting their government revenue streams and agency relationships year over year.
THE CHALLENGE
The client had fallen behind on monthly vulnerability scan reporting and had an aging POA&M with unresolved findings, creating risk of ATO suspension by the sponsoring agency. Their security team had limited FedRAMP-specific experience and needed expert guidance to get back into compliance.
The client also needed help preparing for their annual assessment with their 3PAO, including updating their SSP to reflect system changes, documenting new control implementations, and preparing evidence packages for each control family.
THE STRATEGY
Krieger Security assumed full management of the client’s FedRAMP ConMon program, including monthly vulnerability scan review and submission, POA&M triage and tracking, significant change request preparation, and agency reporting deliverables.
Our team resolved all outstanding POA&M items within 90 days, brought monthly reporting current, and successfully guided the client through their annual 3PAO assessment with no significant deficiencies — maintaining their FedRAMP ATO and preserving $12M in annual government contract revenue.
THE CHALLENGE
Restoring FedRAMP ConMon compliance after falling behind on monthly reporting obligations while managing an aging POA&M with outstanding findings.
CLIENT’S TESTIMONIALS



Krieger Security continues to manage this client’s ConMon program on an annual retainer basis, ensuring they remain perpetually audit-ready and agency relationships remain strong. The engagement has expanded to include two additional agency authorizations.
Benjamin Tickle, Project Manager
Company Name Inc
