As we discussed in our FedRAMP compliance article, there are two paths to obtain a FedRAMP Authorization to Operate (ATO). The first option is to obtain a FedRAMP ATO from a specific government agency, and the second option is to receive a FedRAMP Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB). The […]
It is hard to read tech news today without coming across something regarding the cloud – and rightfully so. The cloud (or cloud computing) has become such an integral part of today’s technology world that it is hard to imagine where we would be without it. The ability to provision and promote to operations networks, […]
In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is cryptojacking. While its impact on individuals and organizations is not as overtly damaging as ransomware or theft or […]
In a previous blog post, I outlined how security procedures fit in your overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security policies […]
Last month I wrote about the importance of security policies and provided some basic principles for developing solid security policies.
Whether for an agency assessment or a Joint Authorization Board (JAB) assessment, the FedRAMP System Security Plan (SSP) is the foundational document that supports a FedRAMP assessment. From it, the government agency representatives and the Third Party Assessment Organization (3PAO) are able to get an understanding of how the FedRAMP baseline security controls are implemented […]
The Federal Information Security Management Act (FISMA) was originally enacted in December 2002 and established the importance of information security principles and practices within the Federal Government, noting that information security was “critical to the economic and national security interests of the United States.”
Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]
Since November 2013 with the release of its initial rule on safeguarding covered defense information and cyber incident reporting, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit what is identified as covered defense information. The Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 […]