Resources

FedRAMP Major Release – Rev. 5 Impacts (NIST SP 800-53)

Overview of the final FedRAMP (NIST SP 800-53) Rev. 5 release.

XRAMP – Security Assessments Evolved

Point in time security assessments have been around a long time. Do they provide the level of assurance that business, downstream customers, and the government expects? Is it enough in the digital world that is constantly evolving? The concept of continuous assurance isn’t new, but limited progress has been made in terms of the way we manage risk. This traditional assessment model will not change overnight, but there absolutely has to be a better to way improve it.

Blog

Establishing an Internal Common Control Framework (CCF)

In this blog post, we explore the idea that treating NIST 800-53 as a common baseline set of controls, organizations can build a solid cybersecurity foundation that extends across different standards.

Blog

Understanding NIST SSDF compared to FedRAMP

NIST SSDF is a high-level framework of secure software development practices based on established standards and guidelines.

Blog

Red Team FedRAMP Introduction

With the transition to NIST SP 800-53 rev 5 comes the requirement for more proactive, adversarial testing for those wishing to meet the moderate and high accreditation standard. Admittedly, the control as written leaves this requirement open-ended and in need of some interpretation to properly apply in the FedRAMP context.

Blog

NIST 800-53 Revision 4 to Revision 5: A Deep Dive into CM-6 Configuration Settings for Cloud Service Providers

With the transition from Rev 4 to Rev 5, many Cloud Services Providers (CSPs) striving towards or maintaining Federal Risk and Authorization Management Program (FedRAMP) authorization are experiencing numerous hurdles when achieving compliance.

Blog

Why Your FedRAMP Penetration Test Might Suck

In today’s rapidly evolving digital landscape, ensuring the security of government data is vital.

Blog

Container Vulnerability Scanning in FedRAMP Environments

Since early 2018, the FedRAMP Program Management Office (PMO) has instituted vulnerability scanning guidance for Cloud Service Providers (CSPs).

Blog

Tips for hacking into the cybersecurity industry

Looking to learn about what it takes to break into the cybersecurity field? Look no further – Candice MacDonnell has a good story to share from Fortreum.

Blog

SOC 2 & FedRAMP – Why Fortreum is different

Audit time. It’s one of the most dreaded times of the year (or multiple times per year) for a security manager/CISO/administrator, etc. Is it because of the auditor? I’d like to hope not (at least for us)! Most often, it is TIME itself that is dreaded for assessments, and what is dreaded even more so is when there are multiple assessments running at the same time. How do cloud service providers move towards consolidated assessments (such as SOC 2 and FedRAMP) while preserving internal time and impact?

Blog

Fortreum Associates – an integrated approach to SOC 2 and other IT audit engagements

It’s time. A few months after joining up with some old colleagues/friends at Fortreum, LLC, I’m pleased to announce that Fortreum Associates, LLC is open for business! Fortreum Associates is a licensed and registered CPA firm that specializes in information security audits, examinations, and attestations (SOC 1 and SOC 2).

Contact us to discuss your cyber and cloud business needs. We’re happy to share our insights and work with you as your business evolves.

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP

ISO

XRAMP

CMMC/800-171

DoD Cloud

FedRAMP

FISMA

HIPAA

SOC

StateRAMP