It’s time. A few months after joining up with some old colleagues/friends at Fortreum, LLC, I’m pleased to announce that Fortreum Associates, LLC is open for business! Fortreum Associates is a licensed and registered CPA firm that specializes in information security audits, examinations, and attestations (SOC 1 and SOC 2).
Point in time security assessments have been around a long time. Do they provide the level of assurance that business, downstream customers, and the government expects? Is it enough in the digital world that is constantly evolving? The concept of continuous assurance isn’t new, but limited progress has been made in terms of the way we manage risk. This traditional assessment model will not change overnight, but there absolutely has to be a better to way improve it.
StateRAMP is a non-profit organization that launched in early 2021 with the goal of providing a standardized approach to cloud cybersecurity authorization for State and Local governments. You might ask, why create another governing body when a proven framework for the federal government like FedRAMP exists? We get it, each industry and governing body needs to be a special snowflake. Before we jump to conclusions, let’s dive into the StateRAMP program to see if cloud service providers (CSP) should be paying attention for future business opportunity.
Overview of the draft release of NIST SP 800-53 Rev. 5 for FedRAMP
Understanding the DoD Cloud Authorization Process
Primer on FIPS and FedRAMP for 140-2 and 140-3
Starting Your Journey With The FedRAMP RAR Assessment
Stay informed with our Industry Compliance Roadmaps, Technical Testing, Interviews and Resources to help you simplify cybersecurity and compliance.