FedRAMP

FedRAMP Tailored: New Program for Cloud Service Providers (CSPs)

The Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, released FedRAMP Tailored on September 28, 2017. This new Baseline was designed and developed for Cloud Service Providers (CPS) with Low-Impact Software-as-a-Service (LI-SaaS) Systems, supporting emerging technology […]

Read More

Are You Ready for the DOE Annual Audit? 6 Steps to Ensure Compliance

As the digital landscape evolves and transforms the way organizations run their operations, many experience unprecedented opportunities as well as new challenges. In recent years, universities and colleges have experienced a higher number of cyber-attacks and security breaches due to a lack of a proper security infrastructure to secure student information, including financial aid. For […]

Read More

FedRAMP: Understanding the Fundamentals (FAQ)

Any organization seeking to provide cloud products or solutions to a federal agency will need to go through a FedRAMP Readiness Assessment and then a full FedRAMP assessment to receive an Authorization to Operate (ATO) which ensures the security of its hosted information meets FedRAMP requirements. The Federal Risk and Authorization Management Program (FedRAMP) is […]

Read More

HITRUST Updates: CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9

On March 1, 2017, HITRUST announced its roadmap for 2017, which included improvements to the HITRUST CSF and a renewed focus on smaller healthcare organizations. The roadmap focuses on combating cyber threats and information risks while advancing protection standards regarding healthcare data through CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9, and CSF Assurance Program v9. […]

Read More

FedRAMP vs. FISMA: Choosing the Right Standard for Your Federal Clients

When pursuing federal clients or servicing existing federal clients, there are a number of unique compliance needs due to the sensitivity of the federal information. Standards such as FedRAMP and FISMA exist to create consistent security standards for organizations seeking federal agency clientele. FISMA, or the Federal Information Security Management Act of 2002 is the […]

Read More

FedRAMP: Outline of Timeliness and Accuracy of Testing

As FedRAMP continues to emphasize the FedRAMP Accelerated program, which is meant to reduce approval time for the Joint Authorization Board (JAB), they have released additional guidance on the Timeliness and Accuracy of Testing Requirements. FedRAMP Timeliness and Accuracy of Testing There are three categories associated with testing in the authorization package: Penetration Testing Vulnerability […]

Read More

FedRAMP Accelerated

Author: Cheryl Zobel, Managing Consultant at A-LIGN. FedRAMP, or the Federal Risk and Authorization Management Program, is a government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The FedRAMP Program Management Office (PMO) has retooled the program, specifically to improve the processes in place and […]

Read More

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of […]

Read More

FedRAMP Releases Updated Logo & FedRAMP Forward

  FedRAMPSM has released their newly redesigned logo in coordination with the release of “FedRAMP Forward: 2 Year Priorities.”  FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.  

Read More

Understanding FedRAMP: Cloud Service Provider’s Top 4 Questions Answered

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services As an information security and audit firm focused on the compliance needs of service providers, A-LIGN’s accreditation as a FedRAMP third party assessment organization (“3PAO”) is a natural fit with our existing service offerings. Since becoming a FedRAMP 3PAO, we have noticed a trend in client […]

Read More