What Is StateRAMP Fast Track?

Much hay has been made about how cloud providers can take advantage of the new StateRAMP program. Only a few years into operations, there are already questions about how governments and cloud providers can leverage the requirements to bring top-tier cybersecurity to a local level. One of these questions involves the adoption of StateRAMP standards… Read More

What Is the Threat-Based Risk Profiling Methodology in FedRAMP?

In February 2022, the FedRAMP Program Management Office updated the rules for their threat-based profiling methodology. This little-known approach to FedRAMP risk profiling and the rating security controls serves as the program’s effort to streamline authorization and program management with industry knowledge and agile development methodologies. 

FedRAMP and FIPS-Defined Impact Levels

One of the foundational pieces of information that a cloud provider needs to know when preparing for their FedRAMP Authorization is the required Impact Level. These levels aren’t generic labels applied by agencies to highlight the importance of their data–they are clearly-defined categories laid out by the National Institute of Standards and Technology (NIST) to… Read More

StateRAMP and Authentication: What You Need to Know

Providers looking into StateRAMP authentication standards may find themselves staring into a stack of requirements documents across multiple security frameworks and government contexts. Not only is this unhelpful for these providers, but it also makes the process sound much more intimidating than it needs to be. In this article, we’ll take a high-level view of… Read More

What Is FedRAMP Connect?

There are two clear paths through FedRAMP Authorization–the agency path and the much less-common Joint Authorization Board (JAB) path. While much more rigorous, this second course opens up several critical doors for cloud offerings that provide real and significant value to various federal agencies. However, the JAB path is exclusive and requires that cloud service… Read More

What Is FedRAMP JAB Provisional Authorization?

Last week, we discussed the process for Agency Authorization under FedRAMP guidelines. This route is, by far, the most common form of Authorization and one that most cloud providers will engage with. However, there are several use cases where a provider may seek more rigorous assessment to better open doors to serve with agencies across… Read More

What Is the FedRAMP Agency Authorization Process?

As cloud service providers pursue their FedRAMP authorization process, they face a significant choice stemming from their ultimate goals in the federal space. This decision is based on how they are pursuing their working relationships with federal agencies and how well the provider is prepared for the rigorous FedRAMP assessment process. When a provider enters… Read More

StateRAMP Requirements for Vulnerability Scanning

Ongoing maintenance and upkeep are a cornerstone of all cybersecurity regulations and frameworks. And for a good reason. The rapidly changing threat landscape that businesses and government agencies face daily necessitates an ever-vigilant approach to cybersecurity. Vulnerability scanning is an important part of compliance and security across almost every data-driven industry. Here, we’re discussing what StateRAMP… Read More

ISO 17065 and the Standard for Certification Bodies

There is no substitute for a competent and impartial auditor in terms of compliance, security, and correct operations. Organizations that can assess and certify technologies and organizations are essential for ensuring accountability and standards of excellence in place, applying to systems that store sensitive data. To modify a common saying, “who watches the auditors?” That’s… Read More

StateRAMP and Monitoring: Breaking Down the StateRAMP Continuous Monitoring Process

StateRAMP takes several of its requirements from FedRAMP, and perhaps one of the most important requirements is continuous monitoring. Continuous monitoring ensures that systems that earned StateRAMP Authorization remain in compliance year after year, avoiding gaps in security and protecting the interest of state and local governments.  

What Documents Are Required for FedRAMP Authorization?

The federal government leans more heavily on technology providers, including cloud computing platforms that support data storage, processing, and office application solutions. Accordingly, the question of data security is live, and the government’s response is to implement the FedRAMP authorization requirement.  Like many other government programs, FedRAMP can threaten to bury the under prepared provider… Read More

Protected Health Information, File Sharing and Email

Protecting patient information is a crucial and necessary part of healthcare… but so is communicating effectively with patients. Considering that email continues to be the most common form of electronic communication, it stands to reason that providers meet patients where they are.  However, HIPAA regulations have rather strict requirements for protecting PHI, and plain email… Read More

What Are Health Industry Cybersecurity Practices (HICP)?

Any organization in the healthcare industry knows that cybersecurity is a critical component of doing business. So much so, in fact, that any enterprise handling protected health information (PHI) must implement and maintain strict cybersecurity and privacy controls to protect patient data from unauthorized disclosure.  However, understanding that HIPAA is a requirement for operation doesn’t… Read More