Paramify
Compliance ProgramsControlsLeveraged SystemsInterconnectionsDeliverables

Controls

We take security, compliance, and privacy seriously. Explore our certifications, reports, and policies in one place.
⌘K

20x Low - Phase One Pilot

See All (51)
A streamlined, cost-effective authorization pathway for federal cloud security, designed to be Continuously Monitored, ensuring that security posture is maintained in real-time rather than just at the point of audit. Geared toward applications that handle data not strictly "public" but not "critically sensitive," where a breach would have serious adverse effects. Offers a faster route to authorization than traditional processes while ensuring robust monitoring and protection for moderate-risk data.

CED-01

Pass
Ensure all employees receive security awareness training

CED-02

Pass
Require role-specific training for high risk roles, including at least roles with privileged access

CMT-01

Pass
Log and monitor system modifications

IL5

See All (145)
Paramify Cloud is a cloud-based platform that streamlines compliance reporting and documentation for cloud service providers. It centralizes control, automates workflows, and ensures alignment with FedRAMP requirements, enhancing efficiency, accuracy, and security in compliance processes.

AC-12(1)

Pending
Provide a logout capability for user-initiated communications sessions whenever authentication is used to gain access to .

AC-12(2)

Pending
Display an explicit logout message to users indicating the termination of authenticated communications sessions.

AC-16(6)

Pending
Require personnel to associate and maintain the association of with in accordance with .

20x Moderate - Phase Two Pilot

See All (237)
The standard for federal cloud security designed to be Continuously Monitored, ensuring that security posture is maintained in real-time rather than just at the point of audit. Geared toward applications that handle data not strictly "public" but not "critically sensitive," where a breach would have serious adverse effects. Offers a faster route to authorization than traditional processes while ensuring robust monitoring and protection for moderate-risk data.

ADS-01

Pass
Providers MUST publicly share up-to-date information about the cloud service offering in both human-readable and machine-readable formats, including at least: • Direct link to the FedRAMP Marketplace for the offering • Service Model • Deployment Model • Business Category • UEI Number • Contact Information • Overall Service Description • Detailed list of specific services and their impact levels (see FRR-ADS-03) • Summary of customer responsibilities and secure configuration guidance • Process for accessing information in the trust center (if applicable) • Availability status and recent disruptions for the trust center (if applicable) • Customer support information for the trust center (if applicable)

ADS-02

Pass
Providers MUST use automation to ensure information remains consistent between human-readable and machine-readable formats when authorization data is provided in both formats; Providers SHOULD generate human-readable and machine-readable data from the same source at the same time OR generate human-readable formats directly from machine-readable data.

ADS-03

Pass
Providers MUST share a detailed list of specific services and their impact levels that are included in the cloud service offering using clear feature or service names that align with standard public marketing materials; this list MUST be complete enough for a potential customer to determine which services are and are not included in the FedRAMP authorization without requesting access to underlying authorization data.

Paramify Cloud FedRAMP High

See All (837)

AC-10

Pass
Limit the number of concurrent sessions for each to .

AC-11(1)

Pass
Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

AC-11 Part a

Pass
Prevent further access to the system by .