FedRAMP: Three Stages of Vulnerability Scanning and their Pitfalls
Though vulnerability scanning is only one of the control requirements in FedRAMP, it is actually one of the most frequent pitfalls in terms of impact to an authorization to operate...
Read Article
NIST Special Publication 800-171
Government security breaches seem to hit the news every other month—keep an eye on your investments—including potential breaches caused by contractors. What may be a surprise is the...
Read Article
Clarifying the FedRAMP Penetration Test Requirements
As a Third Party Assessment Organization (3PAO), Schellman regularly conducts FedRAMP assessments for Cloud Service Providers (CSPs). Included during these assessments is a penetration...
Read Article
Could updated controls from NIST drive up cloud security costs?
Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes...
Read Article
Match on: FedRAMP vs. ISO 27001
Over the last few years, there has been a push to obtain cloud computing solutions at almost every turn. A plethora of companies continue to provide cloud services to their existing...
Read Article
FedRAMP – 5 Things CSPs Should Already Know
I am delighted that Schellman is now an accredited FedRAMP 3rd Party Assessment Organization (3PAO). This is a testament to our extensive experience in the cloud service provider (CSP) space and...
Read Article
Prepping for FedRAMP – 5 Things CSPs to Note
Originally published on www.fedrampfastforward.com
BrightLine works with many cloud service providers (CSPs) which have built successful business by providing services to the private sector. With...
Read Article
Navigating the Federal Compliance Space - FedRAMP vs FISMA
Even if you aren’t selling to a government agency, it’s important to understand government regulations. The government is the largest single creator, collector, consumer and circulator...
Read Article
Database Security and FedRAMP
Many cloud service providers (CSPs) are not fully addressing the database scanning requirements for FedRAMP and have questions related to database security and FedRAMP. This article details the...
Read Article
FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements
Overview
In the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both vulnerability scanning and penetration testing. The updated guidance comes on the heels...
Read Article
FedRAMP & Cloud Brokering – Changing How the DoD Does Business
Via: FCW.com
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessments, authorizations, and...
Read Article
10 steps toward FedRAMP compliance
Via: fcw.com
Read Article
How Does Amazon’s FedRAMP Authorization Affect Cloud Providers?
Originally published at: Northern Virginia ISSA
Read Article
Does SSAE 16 Certified = FISMA Certified?
Introduction
Read Article
