With the rise of cloud computing, there has been an increased emphasis within the government to transition to commercial cloud services. In fact, it is actually mandated within the government to move to cloud-based services if they are available to meet the mission need of the federal agency. This is all in an effort to […]
As we discussed in our FedRAMP compliance article, there are two paths to obtain a FedRAMP Authorization to Operate (ATO). The first option is to obtain a FedRAMP ATO from a specific government agency, and the second option is to receive a FedRAMP Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB). The […]
It is hard to read tech news today without coming across something regarding the cloud – and rightfully so. The cloud (or cloud computing) has become such an integral part of today’s technology world that it is hard to imagine where we would be without it. The ability to provision and promote to operations networks, […]
In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is with cryptojacking. While the impact to individuals and organizations is not maleficent like ransomware or theft or […]
Last month I wrote about the importance of security policies and provided some basic principles for developing solid security policies.
Whether for an agency assessment or a Joint Authorization Board (JAB) assessment, the FedRAMP System Security Plan (SSP) is the foundational document that supports a FedRAMP assessment. From it, the government agency representatives and the Third Party Assessment Organization (3PAO) are able to get an understanding of how the FedRAMP baseline security controls are implemented […]
The Federal Information Security Management Act (FISMA) was originally released in December 2002 and established the importance of information security principles and practices within the Federal Government, noting that information security was “critical to the economic and national security interests of the United States.
Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]
When most people think of hygiene, I would venture to say that technology or computer systems are not part of the mental picture. There are interesting parallels, however, between what we think of as “normal” hygiene and cyber hygiene.