Resources

XRAMP – Security Assessments Evolved

Point-in-time security assessments have been around a long time. Do they provide the level of assurance that businesses, downstream customers, and the government expect? Is it enough in a digital world that is constantly evolving? The concept of continuous assurance isn’t new, but limited progress has been made in the way we manage risk. This traditional assessment model will not change overnight, but there absolutely has to be a better way to improve it.

Blog

Red Team FedRAMP Introduction

With the transition to NIST SP 800-53 rev 5 comes the requirement for more proactive, adversarial testing for those wishing to meet the moderate and high accreditation standard. Admittedly, the control as written leaves this requirement open-ended and in need of some interpretation to properly apply in the FedRAMP context.

Whitepaper

Breaking Out and Breaking In

Transitioning from a career in law enforcement to one in cybersecurity was, on paper, a relatively short journey, lasting some 18 months of graduate school while pursuing a master’s degree in Cybersecurity Technology.

Whitepaper

StateRAMP Fundamentals & StateRAMP Fast Track

StateRAMP is a non-profit organization that launched in early 2021 with the goal of providing a standardized approach to cloud cybersecurity authorization for state and local governments. You might ask, why create another governing body when a proven framework for the federal government like FedRAMP exists? We get it, each industry and governing body needs to be a special snowflake. Before we jump to conclusions, let’s dive into the StateRAMP program to see if cloud service providers (CSPs) should be paying attention for future business opportunities.

Blog

SOC 2 & FedRAMP – Why Fortreum is different

Audit time. It’s one of the most dreaded times of the year (or multiple times per year) for a security manager/CISO/administrator, etc. Is it because of the auditor? I’d like to hope not (at least for us)! Most often, it is TIME itself that is dreaded for assessments, and what is dreaded even more so is when there are multiple assessments running at the same time. How do cloud service providers move towards consolidated assessments (such as SOC 2 and FedRAMP) while preserving internal time and impact?


Contact us to discuss your cyber and cloud business needs. We’re happy to share our insights and work with you as your business evolves.