

Search for: All records

Award ID contains: 2336409


  1. The U.S. Federal Risk and Authorization Management Program (FedRAMP) has long relied on extensive sets of controls and static documentation to assess cloud systems. However, this manual, point-in-time approach has struggled to keep pace with cloud-native development. FedRAMP 20x, a 2025 pilot program, reimagines the NIST Risk Management Framework (RMF): replacing traditional NIST 800-53 controls with Key Security Indicators (KSIs), using automated, machine-readable evidence, and emphasizing continuous reporting and authorization. This case study presents a practitioner-led field report from an industry participant who led multiple FedRAMP 20x pilot submissions and engaged directly with the FedRAMP PMO, 3PAOs, and community working groups. It explores how KSIs, continuous evidence pipelines, and DevSecOps integration can streamline authorization and improve cyber risk management. The study shows FedRAMP 20x as a live testbed for implementing the RMF in a cloud-native, automation-first approach and shares actionable recommendations for risk professionals seeking to modernize compliance and support real-time, risk-informed decision-making. 
    Free, publicly-accessible full text available September 10, 2026
  2. Document files with sensitive information are used across nearly every industry. In recent years, cyberattacks have resulted in millions of sensitive documents being exposed. Although document encryption methods exist, they are often flawed in terms of usability, security, or deployability. We present a structured framework for evaluating document encryption methods, adapting the usability-deployability-security ("UDS") model to the document encryption context. We apply this framework to compare current methods, performing a comprehensive evaluation of nine document protection methods, including password-based, passwordless, and cloud-based approaches. Our analysis across 15 design properties highlights the benefits and limitations of current methods. We propose strategies and design recommendations to address key limitations such as memory-wise effort, granular protection, and shareability. 
    Free, publicly-accessible full text available August 27, 2026