Two Kinds of Assessments

FedRAMP Pen Test Scope vs. Rules of Engagement Explained

| | FedRAMP
FedRAMP has strict requirements for the security of the companies looking to earn their certification. Among the many requirements you need to navigate are tests from your C3PAO, simulating malicious actors and common threat vectors. In order to understand what you need to do to pass, it’s worth going over ... Read More
What is the Risk Register, Specifically

ISO 27001 Risk Register Setup: Step-by-Step Guide

| | ISO 27001
While we talk a lot on this site about the US Government’s various cybersecurity frameworks, like FedRAMP and CMMC, there’s one significant framework that deserves just as much attention: ISO 27001. ISO 27001, being an ISO standard, is an international framework for cybersecurity divorced from any one country’s government. It’s ... Read More
Mistake #1 Not Understanding What an SSP Is

Avoid FedRAMP Delays: 7 Common SSP Mistakes to Fix

| | FedRAMP
Seeking a FedRAMP authority to operate is a critical part of any cloud service looking to work with the government in an official capacity. It’s required if you are going to handle controlled unclassified information on behalf of the government or its contractors, and since the requirements trickle down, you ... Read More
What is DFARS 7012

DoD Cyber Clause Flowdown: What Suppliers Must Do

| | security
The Department of Defense DFARS Cybersecurity Clause, more commonly known as the DoD Cyber Clause (or just DFARS 7012), is the long-standing set of rules the DoD has put in place for all members of the DoD supply chain and defense industrial base. It has also spread beyond those boundaries ... Read More
What is Reciprocity

How FedRAMP Reciprocity Works with Other Frameworks

| | FedRAMP
FedRAMP is the Federal Risk and Authorization Management Program, and it’s one of the most widely used governmental cybersecurity frameworks across the United States. It’s meant to serve as the gatekeeper for any contractor looking to work with the federal government to ensure that everyone across the board has a ... Read More
What is the SPRS Score

DoD SPRS Scores: How Often Should You Update Them?

| | security
The overall defense industrial base is growing increasingly aware of the needs of modern information and cyber security. From recent major supply chain attacks to the constant threat of nation-state actors trying to compromise systems, it’s important to be committed to the best security you can implement, no matter where ... Read More
What Changes in CMMC from Rev 2 to Rev 3

The CMMC Rev 2 to Rev 3 Memo: What’s Changed?

| | CMMC
The world of cybersecurity is always changing, with rapid evolution in both threat and response creating a continual churn in knowledge, technology, and standards. Frameworks meant to help protect systems and businesses, especially the government, tend to be comparatively slow. It takes a lot of momentum and effort to get ... Read More
All About Scoping for CMMC

How to Handle CMMC Scoping for Remote Employees

| | CMMC
CMMC mandates that companies working as part of the government supply line need to comply with a level of security determined by their handling of controlled information. Identifying the level of compliance necessary for your business is the first step in achieving that compliance. The second step is scoping. All ... Read More
The Basics of Encryption

Guide: What is KMI (Key Management Infrastructure)?

| | security
One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to break that encryption. Encryption is extremely commonplace. Most ... Read More
What is COMSEC

What is COMSEC? Training, Updates, Audits & More

| | security
Here at Ignyte, we talk a lot about various overarching information security frameworks, like FedRAMP, CMMC, and ISO 27001. Within these overall frameworks exist a range of smaller and narrower standards, including COMSEC. If you’ve seen COMSEC as a term, you may be passingly familiar with what it is, but ... Read More