Understand/document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
Advise stakeholders on multiple courses of action in an environment with changing unconfirmed policy, e.g., NIST RMF and DISA SRG.
Document multiple courses of action and identify risk mitigation recommendations in accordance with FedRAMP requirements, procedures, and best practices, with associated benefits/drawbacks to each.
Apply enterprise security frameworks and capabilities, such as FISMA, NIST SP 800, etc., to existing initiatives such as cloud environments.
Develop/update policies and procedures to implement FedRAMP compliance as well as compliance with NIST 800-171 security requirements and other