We say this just about every time the subject comes up (which is often, given our industry and role in it), but valid information security is not a state of being. It is a moving target and a process. Achieving certification for a certain level of security is a snapshot ... Read More

If your business has to adhere to compliance rules for a framework like FedRAMP, CMMC, or ISO 27001, keeping track of all of the proof of implementation and artifacts is a full-time job. From individual security controls to overall framework compliance to ISMS implementation to stakeholder assignments, it can very ... Read More

Part of the process of achieving certification with CMMC is undergoing an audit to validate your security posture across all of the relevant security controls. This can’t be done internally; part of maintaining a valid security framework is using third-party assessors to do the validation, to ensure an unbiased and ... Read More

Cloud service providers looking to work with the government, whether it’s at the state and local level or at the federal level, will have to adhere to certain cybersecurity standards. At the federal level, the program is called FedRAMP: the Federal Risk and Authorization Management Program. This program is required ... Read More

Most of the time on the Ignyte blog, we talk about overarching security frameworks like FedRAMP, CMMC, and ISO 27001. Sometimes, though, it’s worth digging deeper into smaller-scale elements of these frameworks. Today’s target is ISO 27017, the ISO/IEC publication focusing on cloud service security. What does this document entail, ... Read More

Here at Ignyte, we talk a lot about the major governmental cybersecurity frameworks like FedRAMP and CMMC or the international framework ISO 27001. What we don’t talk about as much – but which is no less important – are smaller-scale or more limited frameworks. SOC is one such framework, and ... Read More