FedRAMP

How to Vet SaaS Apps Using FedRAMP Equivalency
As much as some people dislike it, the world is interconnected, and to operate a business successfully, you will have to use the products or services produced by other businesses. Under normal ...

FedRAMP: Adapting to a Dynamic Landscape While Balancing Security with Efficiency
The FedRAMP program has successfully enabled commercial cloud computing adoption by Federal and DOD agencies for over 14 years, establishing itself as a cornerstone of secure cloud adoption within the government. Despite ...

CMMC vs FedRAMP: Do They Share Reciprocity?
Throughout this blog, we often write about both FedRAMP and CMMC as cybersecurity frameworks applied to the federal government and its contractors. These frameworks share a lot of the same DNA stemming ...

FedRAMP ConMon vs Audits: What’s the Difference?
A lot goes into protecting the information security of the nation. The National Institute of Standards and Technology, NIST, maintains a list of security controls under the banner of NIST SP 800-53, ...

Guide: FedRAMP Requirements for Vulnerability Scanning
FedRAMP is a key part of maintaining the digital security of the federal government, by way of enforcing security rules across departments and the cloud service providers that work with them. Any ...

Continuous Monitoring Guide: FedRAMP Meets Zero Trust
Security isn’t something you implement once and leave alone. It’s a mindset, an operation, and an ongoing policy. Security frameworks like FedRAMP require a process called continuous monitoring in order to remain ...

Making FedRAMP ATOs Great with OSCAL and Components
OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after ...

A New Way to SSP: The Component Definition Approach to Defining Controls
Guest Post by Johann Dettweiler, CISO, stackArmor. Imagine a world where the “say nothing” narrative implementation statements, rampant across the ...

Accelerate FedRAMP Compliance on Amazon EKS with Anchore
FedRAMP compliance is table stakes for many enterprises in order to serve government agencies and contractors. Over the past decade, FedRAMP has become more complex and comprehensive. Many enterprises running Amazon EKS ...

California’s AI RAMP or FedRAMP for AI?
Urgent need for an actionable and enforceable US safety and security framework for AI. California State Bill 1047 was passed today by the Assembly where ...