Advice for writing a successful FedRAMP SSP A FedRAMP SSP (System Security Plan) is the bedrock of a FedRAMP assessment and the primary document of the security package in which a cloud service provider (CSP) details their system architecture, data flows and authorization boundaries, and all security controls and their implementation. Keep in mind that… Read More
FedRAMP Certification Can Help Grow Your Cloud Service Business The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with cloud providers. Like FISMA, DFARS, CJIS, and HIPAA, FedRAMP’s security controls are based on NIST 800-53. If your cloud… Read More
Verizon, Trump Hotels, and the RNC are Among the Recent Victims of Third-Party Breaches Even if your own cyber security is up to snuff, your organization could be at risk of third-party breaches if your business partners are not as diligent as you are. Verizon just learned this lesson the hard way after one of… Read More
We get it. We completely understand why you still use Excel as an assessment and audit tool. We suffered through it just the same but we believe that working smarter and not harder which is why we invented ITAM IT audit software. The IT Audit Machine (ITAM IT audit software) is the patent pending, industry… Read More
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the security controls in federal information systems and organizations free. This is a resource based on the NIST 800-53A framework you may freely use to conduct your organization’s FedRAMP, HIPAA or best practice based security audits. Your results are private and the output… Read More