Paramify Cloud
ParamifyReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
12 reviews
from
External reviews are not included in the AWS star rating for the product.
Effortless Setup, Simplified Document Automation
What do you like best about the product?
I love Paramify's simple UI and user experience, and the way it solves problems. It's really simple to get set up and document our architecture. It automates 90-95% of an SSP. It makes our traditional work much more efficient as a business.
What do you dislike about the product?
It was really difficult to understand risk solutions concept how that maps the additional frameworks. However, I have grown to like it.
What problems is the product solving and how is that benefiting you?
I use Paramify to document all of our FedRAMP and CMMC documentation. It automates a very manual process, making us much more efficient and speeding up traditional work.
Impressive Tool and Company
What do you like best about the product?
Simplifies FedRAMP SSP authoring and maintenance
What do you dislike about the product?
Wish the POA&M Management feature supported all facets of ConMon (currently just vulnerability management / tracking)
What problems is the product solving and how is that benefiting you?
We use Paramify for FedRAMP SSP documentation generation and maintenance...have not used their other offerings - standards (FISMA, CMMC) nor tool integrations (to Jira, ServiceNow). We've seen the POAM Management functionality but are not licensed for it.
Without Paramify, maintaining a ~50 file SSP (base doc + 10 attachments + 18 control family Policies + 18 Procedures) properly, is a near impossible task. The sheer # of controls (+ sub parts), depending on the FedRAMP impact level, plus the overlap in topics across the control implementation statements, causes most SSPs to erode in quality and accuracy quickly over time. IMO, Paramify simplifies / streamlines this maintenance in a few ways:
1. puts a web UI in front of 95% of these documents - no more editing word docs directly.
2. parameterizes the dozens of supporting tool / party names - simplifies reference searching and bulk updates...across the multiple documents.
3. provides ability to re-use implementation statement (parts) - we found this not as feasible as hoped...not because of the tool functionality but because our advisor was particular that most controls require unique implementation.
4. status / progress tracking - especially during initial authoring.
5. review workflow - ability to have users review implementation statements and add comments.
The tool has a modern look-and-feel, and we've found the Paramify staff to be knowledgeable, responsive and very engaged in the security compliance field. I know they've done a lot of work for FedRAMP 20x already, and we anticipate leveraging that when we make the 20x adaption in the future.
Without Paramify, maintaining a ~50 file SSP (base doc + 10 attachments + 18 control family Policies + 18 Procedures) properly, is a near impossible task. The sheer # of controls (+ sub parts), depending on the FedRAMP impact level, plus the overlap in topics across the control implementation statements, causes most SSPs to erode in quality and accuracy quickly over time. IMO, Paramify simplifies / streamlines this maintenance in a few ways:
1. puts a web UI in front of 95% of these documents - no more editing word docs directly.
2. parameterizes the dozens of supporting tool / party names - simplifies reference searching and bulk updates...across the multiple documents.
3. provides ability to re-use implementation statement (parts) - we found this not as feasible as hoped...not because of the tool functionality but because our advisor was particular that most controls require unique implementation.
4. status / progress tracking - especially during initial authoring.
5. review workflow - ability to have users review implementation statements and add comments.
The tool has a modern look-and-feel, and we've found the Paramify staff to be knowledgeable, responsive and very engaged in the security compliance field. I know they've done a lot of work for FedRAMP 20x already, and we anticipate leveraging that when we make the 20x adaption in the future.
Effortless Compliance Management with Outstanding Support
What do you like best about the product?
Easy creation of new projects with configurable security control identification that includes the new NSS Overlay required by all DoD systems (170+ additional controls over and above the existing 400+ high baseline controls).
Low form factor architecture makes deployment and implementation and supports much easier as the application requires only two Kubernetes containers which is a huge benefit for complex environments like mine.
Customer support is excellent and is responsive to feature recommendations. After a year of usage across two large assessment and numerous smaller changes the application has been solid based on extensive daily usage when bugs are identified they are remediated based on impact in a timely manner.
There are many upsides to using Paramify to includeP:
• “write once apply many” means global updates can be made across your Appendix A which has major downstream benefits to associated policy and procedure documents.
• Document Robot allows for automated SSP package creation rapidly
• POA&M management, whether manually using .csv load files or automatically using API key for scanning mechanisms integration is showing benefits on the monthly time expense to produce that artifact.
• Machine readable SSP package output puts you in a position of already being to produce it (using Document Robot) when your authorizer begins requiring it.
Low form factor architecture makes deployment and implementation and supports much easier as the application requires only two Kubernetes containers which is a huge benefit for complex environments like mine.
Customer support is excellent and is responsive to feature recommendations. After a year of usage across two large assessment and numerous smaller changes the application has been solid based on extensive daily usage when bugs are identified they are remediated based on impact in a timely manner.
There are many upsides to using Paramify to includeP:
• “write once apply many” means global updates can be made across your Appendix A which has major downstream benefits to associated policy and procedure documents.
• Document Robot allows for automated SSP package creation rapidly
• POA&M management, whether manually using .csv load files or automatically using API key for scanning mechanisms integration is showing benefits on the monthly time expense to produce that artifact.
• Machine readable SSP package output puts you in a position of already being to produce it (using Document Robot) when your authorizer begins requiring it.
What do you dislike about the product?
Kind of hard to point at anything specifically but in fairness the Solutions Capability may be beneficial for the production of brand new SSP packages but its benefits to a mature existing package using Custom Reponses would require substantial lift to implement so the benefit for me at this time just isn't there. However this may be something that another organization looking to use Paramify for it substantial capabilities may consider investing the time at point of ingest thus capturing this as a benefit going forward.
What problems is the product solving and how is that benefiting you?
Paramify helps to resolve the most important problem of all and that is time. There is never enough of it regardless of the number of people that you add to a team. The application centralizes SSP package generation where multiple people can edit security controls and enhancements directly without disrupting each other whereas a traditional document repository always has the potential for update collisions occurring.
Traditionally all 36 policy and procedures documents have to be individually reviewed and updated thus requiring the allotment of X amount of time dependent on the size of the upcoming assessment effort. With Paramify “3 clicks” and you have your SSP front matter, Appendix A, and the 36 policy/procedures documents along with other core appendices in a matter of seconds.
Traditionally all 36 policy and procedures documents have to be individually reviewed and updated thus requiring the allotment of X amount of time dependent on the size of the upcoming assessment effort. With Paramify “3 clicks” and you have your SSP front matter, Appendix A, and the 36 policy/procedures documents along with other core appendices in a matter of seconds.
Streamlined Control and Risk Management with Paramify
What do you like best about the product?
I really like the risk solution Paramify offers. It's an out-of-the-box solution that can be used from the first day, allowing us to get evidence from different platforms. The risk solution is inbuilt and can be tailored to our organization’s needs, which in turn connects to control and provides clarity on what kind of evidence needs to be produced. The initial setup was pretty easy, making it convenient for us.
What do you dislike about the product?
I would like more full-scale automation with cloud platforms like AWS and Azure, which can give us an easier lift.
What problems is the product solving and how is that benefiting you?
I find Paramify provides a streamlined control set with easy automation and an inbuilt risk solution tailored to our needs. It connects to control systems and clarifies the evidence we need, plus it gathers evidence from many platforms.
Paramify is a must have
What do you like best about the product?
Paramify streamlines and speeds up compliance tasks, making the process much simpler. It ensures that you address all necessary areas and respond to the appropriate questions, giving you confidence that nothing important is overlooked. It makes it easier to give customers and executives confidence in the work you are performing while producing artifacts and good dashboards to help show progress on the journey.
What do you dislike about the product?
Paramify is a fast evolving company, the one con I can say is that there isn't a mailing list for how fast they make changes or when new updates are available. There is a support site you can check for updates but it would be nice to have an automated email alert when new versions are up.
What problems is the product solving and how is that benefiting you?
Paramify makes the GRC process much more manageable, especially since it can often feel ambiguous at every stage. Rather than getting overwhelmed by the whole process, Paramify breaks tasks down into smaller, more approachable steps. The reporting features are already formatted to meet the expectations of 3PAOs, and the Solution Capabilities further simplify the entire workflow. The dashboards are amazing to help show progress your team is making which I feel like is always a struggle.
Paramify: A Cybersecurity Essential with Stellar UI Improvements
What do you like best about the product?
I really value Paramify's ability to organize and track security documents and processes against required controls, which provides a lot of support in government security processes. I like how I can select systems and processes, then use the pre-existing control policies and procedures to create a baseline. It's incredibly time-saving and reassuring to know that these policies and procedures have been vetted and are standardized across the cybersecurity landscape. The transition from Google Docs and Sheets was made very easy with help from Josh Dalton and his team.
What do you dislike about the product?
With the recent upgrade to form-based questions and responses, that resolved the biggest downside of excel entry and tracking. The next stage of upgrades will need to work through continued simplification and organization of the UI.
What problems is the product solving and how is that benefiting you?
Paramify helps organize and track security documents against required controls, saving time and providing comfort with vetted, standardized policies.
Effortless Compliance Management with Robust Features
What do you like best about the product?
I like Paramify's Simplified Compliance Content Management which makes managing FedRAMP Compliance documentation easier. The enhancement of new features, more compliance types, excellent customer support, and feedback integration are quite valuable to me. Paramify's AI-assisted content creation and suggestions significantly aid in my workflow. Managing the security controls is easier, and creating a new project and generating an SSP and relevant documents is very fast.
What do you dislike about the product?
POA&Ms and crosswalk between other compliance types could be improved. CMMC vs FedRAMP vs SOC2 and other compliance types can be mapped.
What problems is the product solving and how is that benefiting you?
I use Paramify for managing FedRAMP Compliance documentation. It simplifies Compliance Content Management, managing security controls, and quickly creating projects, SSPs, and relevant documents. The AI-assisted content creation and enhancement of new features add more compliance types, making my work easier.
Effortless to Use with Outstanding Customer Support
What do you like best about the product?
Ease of Use and the Customer Support is Amazing! Ease of Implementation is unreal. We integrated it into out stack with ease. The speed that Paramify is developing new features is crazy! Paramify is the best!!
What do you dislike about the product?
There is absolutely nothing I would change about paramify. I have no complaints at all. Continue to build and improve. Great Job!
What problems is the product solving and how is that benefiting you?
We have several issues that need to be addressed. Our current GRC solution is outdated, while paramify is modern, up-to-date, and constantly evolving. The platform's capability to generate documentation and make real-time adjustments is especially valuable. Overall, it has been a game changer for our FedRamp initiatives.
Effortless Compliance Documentation and Management
What do you like best about the product?
I love using Paramify because it is easy to use and nicely laid out. It really helps us handle the sheer weight of all the documentation for CMMC Level 2 compliance and keeps us up with changes, making it the perfect solution. The variables feature is particularly useful for updating certain stakeholders; I can make one change and it updates the entire catalog. Also, it's very easy to set up and maintain.
What do you dislike about the product?
I haven't researched it but maybe progress reports. As a director, I want to see progress on a weekly basis to better manage my people.
What problems is the product solving and how is that benefiting you?
I use Paramify for CMMC Level 2 compliance documentation, as it easily handles the volume and updates. It's user-friendly and allows single changes to refresh the entire catalog.
Outstanding Compliance and FedRAMP Support
What do you like best about the product?
Strong FedRAMP & compliance focus.
Very auditor friendly.
Clear POA&M tracking.
Very auditor friendly.
Clear POA&M tracking.
What do you dislike about the product?
Some workflows feel basic or manual.
Standard compliance reports are solid, but custom reporting or formatting can be limited without exports.
Standard compliance reports are solid, but custom reporting or formatting can be limited without exports.
What problems is the product solving and how is that benefiting you?
We are using it for SSP documentation as a part for getting the FedRAMP authorisation of our product.
showing 1 - 10