
May 12, 2025 65 mins

Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.

We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and gives his take on where FedRAMP 20x is headed.

Key takeaways

- AI can't replace expertise: Using ChatGPT (or any AI) to generate FedRAMP documentation without human validation leads to failure—AI is a tool, not a replacement for expertise.

- Right tools + right people = success: AI and automation can massively accelerate compliance work if handled by professionals who understand the frameworks deeply.

- FedRAMP’s evolution: FedRAMP has matured from infrastructure-heavy beginnings to a focus on SaaS and cloud-native tools, with an increasing push toward automation and standards like OSCAL.

- Common ATO pitfalls: Many companies underestimate the effort required for continuous monitoring (ConMon) and maintaining their ATO, mistakenly thinking the hardest part is getting authorized.

- Martin: FedRAMP may move toward sponsor-less paths (like StateRAMP) for Low/Moderate baselines, and AI + OSCAL will likely reshape how security packages are created, validated, and shared.

This episode is loaded with insights for anyone serious about federal cloud compliance.

⏱️ Timestamps:

- 04:10 – Martin’s early FedRAMP journey & Navy background
- 10:00 – DIACAP, early tools, and Excel-era compliance
- 16:35 – How Kenny and Martin met (NIST OSCAL event story)
- 25:00 – StackArmor’s shift from golden images to modern cloud
- 35:00 – The problem with AI-generated SSPs
- 43:30 – POAMs, audit problems, and compliance documentation
- 49:45 – FISMA vs. FedRAMP, ‘FISRamp’, and ATO inefficiencies
- 56:40 – Predictions: FedRAMP 20x, agency sponsorship & PMO
- 1:02:20 – The future of FedRAMP automation & OSCAL + AI

🔗 Learn more about StackArmor: https://stackarmor.com/

👤 Learn more about Martin Rieger: https://www.linkedin.com/in/martinrieger/

🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=social

👤 Connect with Kenny: Kenny G. Scott: https://www.linkedin.com/in/kenny-g-scott/

👤 Connect with Mike: Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/
