FedRAMP Continuous Monitoring
Kratos also provides continuous monitoring services to help CSPs maintain their FedRAMP ATO. On-going continuous monitoring services can be provided on a quarterly, annual, or every three- or five-year basis to satisfy FedRAMP requirements.
Continuous monitoring also includes mandatory services to be performed by a 3PAO. For example, assessing a subset of controls, performing penetration testing, and scanning operating systems/infrastructure, web applications, and databases on an annual basis.