Avoid FedRAMP Delays: 7 Common SSP Mistakes to Fix

Categories: FedRAMP
Seeking a FedRAMP authority to operate is a critical part of any cloud service looking to work with the government in an official capacity. It’s required if you are going to handle ...
How FedRAMP Reciprocity Works with Other Frameworks

Categories: FedRAMP
FedRAMP is the Federal Risk and Authorization Management Program, and it’s one of the most widely used governmental cybersecurity frameworks across the United States. It’s meant to serve as the gatekeeper for ...
How to Vet SaaS Apps Using FedRAMP Equivalency

Categories: FedRAMP
As much as some people dislike it, the world is interconnected, and to operate a business successfully, you will have to use the products or services produced by other businesses. Under normal ...

FedRAMP: Adapting to a Dynamic Landscape While Balancing Security with Efficiency

Categories: Blog, FedRAMP
The FedRAMP program has successfully enabled commercial cloud computing adoption by Federal and DOD agencies for over 14 years, establishing itself as a cornerstone of secure cloud adoption within the government. Despite ...
CMMC vs FedRAMP: Do They Share Reciprocity?

Categories: FedRAMP
Throughout this blog, we often write about both FedRAMP and CMMC as cybersecurity frameworks applied to the federal government and its contractors. These frameworks share a lot of the same DNA stemming ...
FedRAMP ConMon vs Audits: What’s the Difference?

Categories: FedRAMP
A lot goes into protecting the information security of the nation. The National Institute of Standards and Technology, NIST, maintains a list of security controls under the banner of NIST SP 800-53, ...
Guide: FedRAMP Requirements for Vulnerability Scanning

Categories: FedRAMP
FedRAMP is a key part of maintaining the digital security of the federal government, by way of enforcing security rules across departments and the cloud service providers that work with them. Any ...
Continuous Monitoring Guide: FedRAMP Meets Zero Trust

Categories: FedRAMP
Security isn’t something you implement once and leave alone. It’s a mindset, an operation, and an ongoing policy. Security frameworks like FedRAMP require a process called continuous monitoring in order to remain ...

Making FedRAMP ATOs Great with OSCAL and Components

Categories: Blog, FedRAMP, OMB, OSCAL
OMB Memo M-24-15, published on July 24, 2024, directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after ...
A New Way to SSP: The Component Definition Approach to Defining Controls

Categories: ATO, Blog, FedRAMP, OSCAL, rmf, SSP
Guest Post by Johann Dettweiler, CISO, stackArmor
Imagine a world where the “say nothing” narrative implementation statements, rampant across the ...