I would assume so, and I'm probably overthinking this. Mainly, I'm curious if I can leverage existing FedRAMP Moderate compliant services to satisfy requirements like Continuous Monitoring with Security Hub & AWS Config, and utilizing GuardDuty for IDS, Amazon Detective for correlation, and Amazon Inspector for Vulnerability Management?

I know I'll need to implement automated scanning and manual verification throughout devops, but I'm trying to limit the lift to implement services that are outside of my current Ops' team wheelhouse.