
FedRAMP Pen Test Scope vs. Rules of Engagement Explained
FedRAMP has strict requirements for the security of the companies looking to earn their certification. Among the many requirements you need to navigate are tests from your C3PAO, simulating malicious actors and common threat vectors. In order to understand what you need to do to pass, it’s worth going over ...

ISO 27001 Risk Register Setup: Step-by-Step Guide
While we talk a lot on this site about the US Government’s various cybersecurity frameworks, like FedRAMP and CMMC, there’s one significant framework that deserves just as much attention: ISO 27001. ISO 27001, being an ISO standard, is an international framework for cybersecurity divorced from any one country’s government. It’s ...

Avoid FedRAMP Delays: 7 Common SSP Mistakes to Fix
Seeking a FedRAMP authority to operate is a critical part of any cloud service looking to work with the government in an official capacity. It’s required if you are going to handle controlled unclassified information on behalf of the government or its contractors, and since the requirements trickle down, you ...

DoD Cyber Clause Flowdown: What Suppliers Must Do
The Department of Defense DFARS Cybersecurity Clause, more commonly known as the DoD Cyber Clause (or just DFARS 7012), is the long-standing set of rules the DoD has put in place for all members of the DoD supply chain and defense industrial base. It has also spread beyond those boundaries ...

How FedRAMP Reciprocity Works with Other Frameworks
FedRAMP is the Federal Risk and Authorization Management Program, and it’s one of the most widely used governmental cybersecurity frameworks across the United States. It’s meant to serve as the gatekeeper for any contractor looking to work with the federal government to ensure that everyone across the board has a ...

DoD SPRS Scores: How Often Should You Update Them?
The overall defense industrial base is growing increasingly aware of the needs of modern information and cyber security. From recent major supply chain attacks to the constant threat of nation-state actors trying to compromise systems, it’s important to be committed to the best security you can implement, no matter where ...

The CMMC Rev 2 to Rev 3 Memo: What’s Changed?
The world of cybersecurity is always changing, with rapid evolution in both threat and response creating a continual churn in knowledge, technology, and standards. Frameworks meant to help protect systems and businesses, especially the government, tend to be comparatively slow. It takes a lot of momentum and effort to get ...

How to Handle CMMC Scoping for Remote Employees
CMMC mandates that companies working as part of the government supply line need to comply with a level of security determined by their handling of controlled information. Identifying the level of compliance necessary for your business is the first step in achieving that compliance. The second step is scoping. All ...

Guide: What is KMI (Key Management Infrastructure)?
One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to break that encryption. Encryption is extremely commonplace. Most ...

What is COMSEC? Training, Updates, Audits & More
Here at Ignyte, we talk a lot about various overarching information security frameworks, like FedRAMP, CMMC, and ISO 27001. Within these overall frameworks exist a range of smaller and narrower standards, including COMSEC. If you’ve seen COMSEC as a term, you may be passingly familiar with what it is, but ...