Insights
The Federal Risk and Authorization Management Program (FedRAMP) is undergoing significant transformations to streamline processes, enhance security, and improve the overall experience for Cloud Service Providers (CSPs) and federal agencies.
In this blog post, we explore the idea that treating NIST 800-53 as a common baseline set of controls, organizations can build a solid cybersecurity foundation that extends across different standards.
NIST SSDF is a high-level framework of secure software development practices based on established standards and guidelines.
In this blog post, we delve into the world of DNS Security Extensions (DNSSEC) and how you can implement them effectively with AWS Route 53 to fortify your AWS infrastructure and meet FedRAMP requirements.
With the transition to NIST SP 800-53 rev 5 comes the requirement for more proactive, adversarial testing for those wishing to meet the moderate and high accreditation standard. Admittedly, the control as written leaves this requirement open-ended and in need of some interpretation to properly apply in the FedRAMP context.
With the transition from Rev 4 to Rev 5, many Cloud Services Providers (CSPs) striving towards or maintaining Federal Risk and Authorization Management Program (FedRAMP) authorization are experiencing numerous hurdles when achieving compliance.
In today’s rapidly evolving digital landscape, ensuring the security of government data is vital.
Since early 2018, the FedRAMP Program Management Office (PMO) has instituted vulnerability scanning guidance for Cloud Service Providers (CSPs).
Looking to learn about what it takes to break into the cybersecurity field? Look no further – Candice MacDonnell has a good story to share from Fortreum.
Audit time. It’s one of the most dreaded times of the year (or multiple times per year) for a security manager/CISO/administrator, etc. Is it because of the auditor? I’d like to hope not (at least for us)! Most often, it is TIME itself that is dreaded for assessments, and what is dreaded even more so is when there are multiple assessments running at the same time. How do cloud service providers move towards consolidated assessments (such as SOC 2 and FedRAMP) while preserving internal time and impact?
