Content provided by Paramify. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Paramify or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
#43 - Martin Rieger on FedRAMP 20X, The Future of FedRAMP Compliance, Cloud, and Security

Duration: 1:05:41

Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.

We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and gives his take on where FedRAMP 20x is headed.

Key takeaways
- AI can't replace expertise: Using ChatGPT (or any AI) to generate FedRAMP documentation without human validation leads to failure—AI is a tool, not a replacement for expertise.

- Right tools + right people = success: AI and automation can massively accelerate compliance work if handled by professionals who understand the frameworks deeply.

- FedRAMP’s evolution: FedRAMP has matured from infrastructure-heavy beginnings to a focus on SaaS and cloud-native tools, with an increasing push toward automation and standards like OSCAL.

- Common ATO pitfalls: Many companies underestimate the effort required for continuous monitoring (ConMon) and maintaining their ATO, mistakenly thinking the hardest part is getting authorized.

- Martin’s predictions: FedRAMP may move toward sponsor-less paths (like StateRAMP) for Low/Moderate baselines, and AI + OSCAL will likely reshape how security packages are created, validated, and shared.

This episode is loaded with insights for anyone serious about federal cloud compliance.

⏱️ Timestamps:
04:10 – Martin’s early FedRAMP journey & Navy background
10:00 – DIACAP, early tools, and Excel-era compliance
16:35 – How Kenny and Martin met (NIST OSCAL event story)
25:00 – StackArmor’s shift from golden images to modern cloud
35:00 – The problem with AI-generated SSPs
43:30 – POAMs, audit problems, and compliance documentation
49:45 – FISMA vs. FedRAMP, ‘FISRamp’, and ATO inefficiencies
56:40 – Predictions: FedRAMP 20x, agency sponsorship & PMO
1:02:20 – The future of FedRAMP automation & OSCAL + AI

🔗 Learn more about StackArmor: https://stackarmor.com/
👤 Learn more about Martin Rieger: https://www.linkedin.com/in/martinrieger/

🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=social
👤 Connect with Kenny G. Scott: https://www.linkedin.com/in/kenny-g-scott/
👤 Connect with Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/
