SecureIT and Rackspace continue to streamline FedRAMP compliance for SaaS providers through the Rackspace Inheritable Security Controls (RISC) program. The partners are currently working together on four FedRAMP gap assessment projects that expedite documentation, remediation and assessment efforts. For more information on RISC, click here.
Werner Lippuner has joined SecureIT as Senior Vice President of Strategy and Operations. Prior to joining SecureIT, Werner spent over three decades at EY providing assurance and advisory services to clients in different industries. In his recent role, he was a Partner responsible for services provided to large cabinet-level Federal agencies. Prior to that, he [...]
Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning in 2020/2021. Based on NIST 800-171 controls, the CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed for self-certification of compliance with appropriate NIST 800-171 [...]
By Jamie Graf CSPs providing Low-Impact Software-as-a-Service (LI-SaaS) products can take advantage of a FedRAMP Tailored authorization for a streamlined approach to compliance. The FedRAMP Tailored authorization is for low-risk applications such as collaboration tools, project management applications, and tools that help develop open-source code. FedRAMP Tailored was designed to make low-risk applications available to [...]
By David Trout In a recent report published by the GAO, it was found that “from June 2017 to July 2019, the number of authorizations granted through FedRAMP by the 24 agencies increased from 390 to 926, a 137 percent increase.” Although it was found that some agencies did not consistently use FedRAMP-authorized cloud services, the data [...]
By Greg Kent In response to rising levels of data theft from contractors in the Department of Defense (DoD) supply chain, the Pentagon has announced the development of a program: the Cybersecurity Maturity Model Certification (CMMC). The DoD is working with John Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) [...]
Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning mid 2020. CMMC will be a single standard for all DoD contracts that considers the security control and the institutionalization of cyber processes across a contractor's enterprise assets including development environments for mission systems. Previous regulations [...]
SecureIT has been awarded a five-year U.S. General Services Administration (GSA) IT Schedule 70 contract (47QTCA19D00FE). This contract, with potential of three (5) year options to follow, enables SecureIT to partner with federal, state, and local governments and provide cybersecurity advisory, risk, and compliance expertise through Special Item Number (SIN) 132-51. IT Schedule 70 provides [...]
By Tobias McCurry As part of our penetration testing and vulnerability assessment services, SecureIT uses an application security testing (AST) tool called Burp by PortSwigger. (No, I don’t know why they’ve selected that name!.) We regularly use Burp to scan web applications, identify vulnerabilities and misconfigurations, and actively exploit to penetrate and escalate privileges. Burp’s [...]
By Corey Clements Protecting the Country’s Data Ask what data can do for you but also ask what is required to protect your organization’s data. Data is only valuable when it provides insight for better actions. Stats and facts collecting database dust yields no benefits. But in order to analyze and share data, it must [...]
