FedRAMP: Adapting to a Dynamic Landscape While Balancing Security with Efficiency

Blog, FedRAMP
The FedRAMP program has successfully enabled commercial cloud computing adoption by Federal and DOD agencies for over 14 years, establishing itself as a cornerstone of secure cloud adoption within the government. Despite recent uncertainties and speculation within the community, it’s important to remember that the program’s fundamental principles remain strong ...

Making FedRAMP ATOs Great with OSCAL and Components

Blog, FedRAMP, OMB, OSCAL
OMB Memo M-24-15, published on July 24, 2024, directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts ...
A New Way to SSP: The Component Definition Approach to Defining Controls

ATO, Blog, FedRAMP, OSCAL, rmf, SSP
Guest Post by Johann Dettweiler, CISO, stackArmor
Imagine a world where the “say nothing” narrative implementation statements, rampant across the landscape of System Security Plans (SSPs), get replaced by a definitive understanding of system state to determine the ...
California’s AI RAMP or FedRAMP for AI?

ATO, ATO for AI, Blog, FedRAMP, SB 1047
Urgent need for an actionable and enforceable US safety and security framework for AI
California State Bill 1047 was passed today by the Assembly where it heads to the Senate and the Governor’s desk for consideration. SB 1047 is remarkable for the specificity ...
Embracing MLSecOps for Secure and Safe AI Systems

AI, Blog, LLM, MLSecOPS
The advent of artificial intelligence (AI) is transforming practically every corner of our world. Concurrently, the need for MLSecOps platforms has become fundamental in ensuring the security of AI systems. Traditional security models often fall short in addressing the unique vulnerabilities inherent in AI systems. The integration of AI into ...
Conducting a CMMC 2.0 Readiness Assessment

Blog, CMMC, CMMC 2.0, DoD, NIST
The Cybersecurity Maturity Model Certification program gives the Defense Department a mechanism to verify the readiness of defense contractors both large and small to handle controlled unclassified information and federal contract information in accordance with federal regulations. The CMMC 2.0 program is currently in the final rulemaking phase with implementation expected ...
Accelerating CMMC 2.0 Compliance for Defense Contractors with Microsoft Azure

Microsoft Azure provides a suite of highly integrated security services that provide a cost-effective solution for Defense contractors looking to meet the CMMC 2.0 requirements. The Cybersecurity Maturity Model Certification (CMMC) is a framework designed to enhance the security posture of companies that work with the Department of Defense (DoD) ...
ThreatAlert® on Google Cloud Platform: A Proven Solution for Comprehensive Security

Alec Meyer, Sr. Cloud Solutions Specialist
As cloud adoption continues its meteoric rise, so too does the complexity of securing diverse environments. At stackArmor, our ThreatAlert® Security Platform has been a cornerstone for achieving and maintaining compliance within Amazon Web Services (AWS) and Microsoft Azure. Moreover, ThreatAlert® is also fully ...
Adding GenAI to a FedRAMP Authorized Boundary

ATO, Azure OpenAI, Blog, FedRAMP
The FedRAMP PMO announced the Emerging Technology Prioritization Framework (ETPF) to fast-track AI solutions in code generation, image generation, and chatbots. Cloud service providers (CSP) with existing FedRAMP authorizations can now add OpenAI services to their current Cloud service offerings (CSO). This can be done by following FedRAMP’s prescribed change ...
How Much Does FedRAMP Compliance Cost?

Blog
FedRAMP compliance costs can be broken up into two parts: 1) initial ATO costs and 2) ongoing authorization or continuous monitoring costs. The initial FedRAMP compliance professional services costs for the most part vary between $250,000 and $750,000 depending on the support required, accreditation level and size of the environment ...