About Chor-Ching Fan

This author has not yet filled in any details.
So far Chor-Ching Fan has created 96 blog entries.

Guidance for CSPs & DoD Contractors Using Cloud Services to Handle CUI

2022-09-12T16:29:54+00:00

By Greg Kent, Senior Vice President, CTO

A previous blog discussed the latest guidance from DoD and the Cyber AB in the draft CMMC Assessment Process (CAP) document. Specifically, CSPs need to address both criteria defined in the CMMC CAP: (1) documenting an SSP that attests to the compliance status, describes how the requirement [...]


Understanding DoD FedRAMP Moderate Equivalency Requirements for CSPs

2022-08-26T13:43:43+00:00

By Greg Kent, Senior Vice President, CTO

DoD contractors using a cloud service provider (CSP) to store, process, or transmit covered defense information (CDI)/controlled unclassified information (CUI) must require and ensure that the CSP meets security requirements equivalent to those within the FedRAMP Moderate baseline. Since DFARS clause 252.204-7012 section (b)(2)(ii)(D) was finalized, many [...]


CEO David Trout Talks FedRAMP at DICE EAST

2022-05-20T19:02:31+00:00

SecureIT's President and CEO David Trout joins a panel of distinguished leaders from Intel, Oracle, Mitre and Microsoft to discuss data center readiness for government cloud solutions. Chief amongst the topics at DICE EAST on May 25th is how colocation providers can prepare to tackle FedRAMP authorization. With Northern Virginia on pace to soon become [...]


Clarifying Cloudy Responsibilities for CMMC Success

2022-05-12T19:00:16+00:00

By Connor Payne

With CMMC generally consisting of a “follow the data” exercise, DoD contractors often underestimate their reliance on third-party vendors to store, protect, process, or transmit CUI data. Many small and midsize businesses (SMBs) rely heavily on managed service providers (MSPs) and even more refined services such as managed security service providers (MSSPs), [...]


Shared Responsibilities: You’re Not (Totally) Off the Hook

2022-06-08T19:13:25+00:00

By Connor Payne

Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from the provider. In general terms, shared responsibility means that the cloud service provider is responsible for the security of the cloud while the customer is [...]


The FIPS 199 Categorization of Cloud System for FedRAMP

2022-02-04T14:22:06+00:00

By Greg Kent, Senior Vice President, CTO

FedRAMP has control baselines for low, moderate, and high impact systems. The appropriate baseline, and therefore the particular control requirements that apply, depend on the system impact level or categorization. The FedRAMP impact level or categorization of a system is determined by a formal process defined by FIPS Publication [...]


Successfully Transitioning to NIST 800-53 Rev5

2022-09-21T14:56:56+00:00

By Greg Kent, Senior Vice President, CTO

NIST SP 800-53 is a catalog of security and privacy controls designed to protect US federal information systems and organizations from cybersecurity risks. Addressing the requirements stated in the NIST 800-53 Rev 5 controls requires organizations to improve their cybersecurity, a top priority for passage of the [...]


Enterprise Security for the Remote Workplace – 3 Remote Access Settings Worth Reviewing

2022-02-04T14:19:54+00:00

By Tobias McCurry

Although remote access into corporate networks isn’t new, such widespread, continuous use of remote access is. Organizations very early on identified capacity issues, but some legacy security risks in remote access solutions may be exacerbated by the extensive use of remote access under a widespread work from home scenario. Accordingly, it may [...]


VDI for CUI

2022-02-04T18:53:42+00:00

By Josh Griswell

One approach that contractors can take in approaching CMMC is including all of their infrastructure within the scope boundary for a CMMC certification. This means that all of the company’s components and devices would have to follow the processes and practices required by CMMC. The larger the company’s environment, the more complex [...]


SecureIT Joins Effort to Improve DoED Security

2022-01-29T01:59:34+00:00

June 9, 2021

The Department of Education (DoED) has selected a team that includes SecureIT for their Cybersecurity and Privacy Support Services (CPSS) contract program. We look forward to working alongside our partners and providing our security, risk and audit expertise to address DoED's cybersecurity health and compliance requirements.
