In today’s rapidly evolving digital landscape, ensuring the security of government data is vital.

Since early 2018, the FedRAMP Program Management Office (PMO) has instituted vulnerability scanning guidance for Cloud Service Providers (CSPs).

Looking to learn about what it takes to break into the cybersecurity field? Look no further – Candice MacDonnell has a good story to share from Fortreum.

Audit time. It’s one of the most dreaded times of the year (or multiple times per year) for a security manager/CISO/administrator, etc. Is it because of the auditor? I’d like to hope not (at least for us)! Most often, it is TIME itself that is dreaded for assessments, and what is dreaded even more so is when there are multiple assessments running at the same time. How do cloud service providers move towards consolidated assessments (such as SOC 2 and FedRAMP) while preserving internal time and impact?

It’s time. A few months after joining up with some old colleagues/friends at Fortreum, LLC, I’m pleased to announce that Fortreum Associates, LLC is open for business! Fortreum Associates is a licensed and registered CPA firm that specializes in information security audits, examinations, and attestations (SOC 1 and SOC 2).

Commercial cloud service providers (CSPs) are responsible for maintaining a similar risk profile to the risks identified within their most recent Security Assessment Report (SAR). CSPs submit continuous monitoring deliverables each month for review by the FedRAMP PMO and their sponsoring agency or the Joint Authorization Board (JAB). These deliverables include a Plan of Action & Milestones (POA&M) and a Deviation Request (DR) list. FedRAMP Vulnerability Scanning Guidance from March 2018 requires that the vulnerabilities listed on these documents use the CVSSv3 calculation, when available, to determine a risk rating.

Exploring the implication to achieve CMMC certification.

Effective ConMon Strategies for Vulnerability Management