Navigating FedRAMP’s Move to Certification Classes
Anchored by the FedRAMP Authorization Act and OMB Memo M-24-15, FedRAMP is undergoing a major change that affects virtually every aspect of how cloud service providers pursue, achieve, and maintain federal authorization. Named FedRAMP 20x, this program is meant to streamline compliance and make it easier for cloud products to enter the federal marketplace. The… Read More
CIRCIA And The Future Of Federal Cyber Incident Reporting
For years, federal visibility into large-scale cyber incidents has depended on voluntary disclosure tied to regulations. The result has been delayed response coordination and inconsistent data quality. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) changes that model by establishing a uniform reporting framework to provide CISA with near-real-time insight into major… Read More
What is the Duty of Care in Cybersecurity?
Data privacy and security are often framed as organizational requirements, and as such include discussions of ROI, staffing, compliance, and so on. However, the obligations enterprises and agencies face in protecting data extend beyond liability, because the data they protect often represents someone’s life and well-being. As a result, duty of care is evolving from… Read More
CMMC Waivers and the Potential for Strategic Certification
As the CMMC program evolves in 2026, following the solidification of the final rule and the timelines for required certification, the Cyber AB wrestles with the need to streamline adoption across contractors while maintaining strict rigor in compliance and audits. That’s where waivers come in. Now, across the DIB, executives have to decide whether these… Read More
The 2026 Digital Omnibus
For the better part of a decade, doing business under EU digital law has been challenging, with GDPR, ePrivacy updates, the NIS2 Directive, the AI and Data Acts, and others coming in rapid succession. For organizations already investing heavily in compliance frameworks like CMMC, the prospect of layering on yet another set of requirements has… Read More
NIST CSF 2.0 and Universalizing Cybersecurity
Over the past decade, the proliferation of standards, controls, and sector-specific frameworks has created a paradox where the more guidance exists, the harder it is to weed through the complexity and build secure systems that comply with that guidance. This is where NIST Cybersecurity Framework (CSF) 2.0 comes in. CSF functions as a translation layer,… Read More
FedRAMP Ready, Class A Certification, and Breaking Into the Federal Market
The updates and expansion of FedRAMP make a few things clear, the most significant of which is that government agencies are counting on cloud tools to help them do their work. But they also want certainty. The FedRAMP Ready designation was meant to bridge the gap between agencies seeking audited platforms and SaaS providers seeking… Read More
FedRAMP and the Data Broker Loophole
A new congressional report recommending a FedRAMP-style framework for commercial data brokers has reignited a long-running debate in Washington: whether federal agencies should be able to buy sensitive personal data on the open market without the same legal scrutiny required for traditional surveillance. Supporters of reform argue that the rapid growth of the data brokerage… Read More
MSPs, CMMC, and FedRAMP in 2026
For MSPs supporting defense contractors, federal agencies, and cloud service providers, 2026 marks a turning point when most regulatory bodies expect architecture, compliance, and service delivery to align. This is made even more readily apparent by changes in federal requirements. The DoD’s phased rollout of CMMC and FedRAMP 20x are a clear signal that the government… Read More
Continuous Controls Monitoring and Real-Time Compliance
The move to continuous controls monitoring is quickly becoming the baseline expectation for how security and compliance programs operate, particularly in cloud-first, identity-driven environments. What was once framed as “continuous compliance” or “real-time assurance” has now become a necessity driven by how risk and regulations actually function.
How AI Is Redefining Governance, Risk, and Compliance
GRC has always been at the forefront of innovation, having to respond to the latest and most creative threats. Artificial intelligence is simply forcing innovation to become faster. More so, it’s forcing us to rethink what GRC actually is now and into the next decade. AI-driven GRC is emerging as the next operating paradigm built on… Read More
What The 2026 FedRAMP RFCs Mean For Cloud Providers
With the January 2026 release of multiple RFCs tied to the FedRAMP Authorization Act, the program is shifting from incremental process tweaks to structural modernization. This has been on the horizon for a while now, with the announcement of the FedRAMP 20x program. But this string of RFCs signals that the program is finalizing the… Read More
IAL, Compliance, and MSPs
This shift to identity-based security has had major implications for compliance. Frameworks like FedRAMP, CMMC, and NIST 800-series controls all rely on strong identity practices. Yet areas like Identity Assurance remain a consistent challenge. Many organizations assume that if a user can log in with MFA, their identity is secure. In reality, authentication only proves… Read More
HIPAA Updates in 2026
The core HIPAA Privacy and Security Rules were written in a very different era, before cloud computing, large-scale data exchange, and ransomware became a systemic risk to healthcare. While there have been updates to address the digital age (namely, HITECH), there are still gaps in HIPAA’s approach to distributed cloud systems. The latest round of… Read More
MSPs and Supporting Modern Compliance
Regulatory scrutiny is increasing, customers are more demanding, and security failures carry reputational and financial consequences that far outweigh the cost of prevention. In response, Managed Service Providers are redefining their role. Instead of offering compliance as a one-off consulting engagement, they are transforming it into a repeatable, scalable managed service. This is an… Read More
Passwordless Authentication and the Identity Perimeter
Passwordless authentication is a potential lynchpin for organizations struggling with identity as their security perimeter. While neither FedRAMP nor CMMC explicitly mandates passwordless technologies, both frameworks set requirements and outcomes that passwordless authentication can meet. For organizations operating in regulated environments, especially those handling government data or CUI, passwordless authentication is no longer an emerging… Read More
Salt Typhoon, Rootkits, and Compliance
When U.S. officials began publicly discussing the threat actor known as Salt Typhoon, it was clear this was something beyond mere disorganized attacks. But for compliance leaders, the more important question was how a campaign of this scale could operate for so long within systems that were supposed to be compliant. At the center of… Read More
CISA and Cross-Sector Cybersecurity Performance
CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) reflect the federal government’s effort to raise the baseline for basic cybersecurity effectiveness. CPG 2.0 breaks away from the idea of a strict framework, instead establishing a strategic, outcome-driven baseline for cybersecurity performance that cuts across industries, operating environments, and organizational maturity levels. For CISOs, CIOs, and compliance officers,… Read More
CISA, Compliance and the Industry Engagement Platform (IEP)
CISA’s Industry Engagement Platform (IEP) signals a meaningful shift in how that relationship works. While the platform is not a compliance or procurement system, it represents something arguably more useful: a formalized, structured mechanism for continuous engagement between CISA and the private sector. For organizations operating in regulated environments, particularly those subject to FedRAMP, CMMC,… Read More
How to Navigate Evolving State Privacy Laws
There isn’t a country-wide privacy law in the U.S., much to the chagrin of states and American businesses that thrive on clarity. While frameworks like GovRAMP exist, they aren’t enforced by the government and serve more as a blueprint than a law. Now, however, state-level privacy regulation has begun to fill the gap. With multiple… Read More
Lessons From MongoDB And MongoBleed
Open source software is a reality of modern computing, and there really isn’t a space where it doesn’t touch at least some aspect of an IT stack. Even the most locked-down software will include libraries and utilities that rose from an open-source project built by well-meaning developers to solve everyday problems. The challenge is that… Read More
Tech Debt and Reliance on Open-Source Security
Open-source software is the cornerstone of most IT platforms and infrastructure. This reliance extends beyond major applications; most software worldwide relies, in part, on even the smallest OSS library that solves a critical problem. For businesses subject to FedRAMP, CMMC, and other federal jurisdictions, this is a solid way to plan their compliance. As we’re… Read More
What Is Brickstorm Malware?
Recently, U.S. and allied cybersecurity agencies, including CISA, the NSA, and Canada’s Centre for Cyber Security, issued a series of alerts and analysis reports warning of ongoing malicious activity associated with a sophisticated backdoor malware known as Brickstorm. This malware, attributed to state-sponsored threat actors linked to China, has demonstrated the capability to maintain long-term,… Read More