Shared Responsibilities: You’re Not (Totally) Off the Hook

2022-06-08T19:13:25+00:00

By Connor Payne Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from the provider. In general terms, shared responsibility means that the cloud service provider is responsible for the security of the cloud while the customer is [...]

Shared Responsibilities: You’re Not (Totally) Off the Hook2022-06-08T19:13:25+00:00

The FIPS 199 Categorization of Cloud System for FedRAMP

2022-02-04T14:22:06+00:00

By Greg Kent, Senior Vice President, CTO FedRAMP has control baselines for low, moderate, and high impact systems. The appropriate baseline, and therefore the particular control requirements that apply, depend on the system impact level or categorization. The FedRAMP impact level or categorization of a system is determined by formal process defined by FIPS Publication [...]

The FIPS 199 Categorization of Cloud System for FedRAMP2022-02-04T14:22:06+00:00

New 800-171 Assessment Process in DFARS Rule Change

2022-02-04T13:43:45+00:00

By Greg Kent The Department of Defense (DoD) recently released changes to DFARS rules for security assessments required for contractors. The CMMC Interim Rule (DFARS Case 2019-D041) requires defense contractors to self-report a score of compliance with 800-171 controls using a specified scoring methodology. Results of these assessments will be posted on the Supplier Performance [...]

New 800-171 Assessment Process in DFARS Rule Change2022-02-04T13:43:45+00:00

Sharpen Your Pencils for CMMC

2022-02-04T13:39:59+00:00

By Greg Kent Fall will be here before you know it, so now is a good time for DoD contractors to review their business development and contract strategy for the coming year. With CMMC being required for bidding on new contracts towards the end of 2020, there are big changes on the horizon. Once the [...]

Sharpen Your Pencils for CMMC2022-02-04T13:39:59+00:00

CMMC Solutions for Defense Contractors

2022-01-12T19:57:11+00:00

Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning in 2020/2021. Based on NIST 800-171 controls, the CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed for self-certification of compliance with appropriate NIST 800-171 [...]

CMMC Solutions for Defense Contractors2022-01-12T19:57:11+00:00

Is LI-SaaS your 2020 Fast Track to FedRAMP Success

2022-02-04T14:23:53+00:00

By Jamie Graf CSPs providing Low-Impact Software-as-a-Service (LI-SaaS) products can take advantage of a FedRAMP Tailored authorization for a streamlined approach to compliance. The FedRAMP Tailored authorization is for low-risk applications such as collaboration tools, project management applications, and tools that help develop open-source code. FedRAMP Tailored was designed to make low-risk applications available to [...]

Is LI-SaaS your 2020 Fast Track to FedRAMP Success2022-02-04T14:23:53+00:00

LI-SaaS: A Simpler Path to Gov Cloud Services Adoption

2022-02-04T13:47:53+00:00

By David Trout In a recent report published by the GAO,  it was found that “from June 2017 to July 2019, the number of authorizations granted through FedRAMP by the 24 agencies increased from 390 to 926, a 137 percent increase.”  Although it was found that some agencies did not consistently use FedRAMP-authorized cloud services,  the data [...]

LI-SaaS: A Simpler Path to Gov Cloud Services Adoption2022-02-04T13:47:53+00:00

DoD Contractors Prepare for CMMC

2022-02-04T13:50:00+00:00

By Greg Kent In response to rising levels of data theft from contractors in the Department of Defense (DoD) supply chain, the Pentagon has announced the development of a program: the Cybersecurity Maturity Model Certification (CMMC). The DoD is working with John Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) [...]

DoD Contractors Prepare for CMMC2022-02-04T13:50:00+00:00

CMMC Compliance Solutions

2022-02-04T14:14:59+00:00

Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning mid 2020. CMMC will be a single standard for all DoD contracts that considers the security control and the institutionalization of cyber processes across a contractor's enterprise assets including development environments for mission systems. Previous regulations [...]

CMMC Compliance Solutions2022-02-04T14:14:59+00:00

Look Before You Leap: The Value of FedRAMP Pre-Assessment

2022-02-04T14:18:32+00:00

By Corey Clements “The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” FedRAMP could be described as an assessment. Therefore, a pre-assessment before the assessment might be considered redundant and unnecessary. But the reality [...]

Look Before You Leap: The Value of FedRAMP Pre-Assessment2022-02-04T14:18:32+00:00
Go to Top