FedRAMP

Avoid FedRAMP Delays: 7 Common SSP Mistakes to Fix
Seeking a FedRAMP authority to operate is a critical part of any cloud service looking to work with the government in an official capacity. It’s required if you are going to handle ...

How FedRAMP Reciprocity Works with Other Frameworks
FedRAMP is the Federal Risk and Authorization Management Program, and it’s one of the most widely used governmental cybersecurity frameworks across the United States. It’s meant to serve as the gatekeeper for ...

How to Vet SaaS Apps Using FedRAMP Equivalency
As much as some people dislike it, the world is interconnected, and to operate a business successfully, you will have to use the products or services produced by other businesses. Under normal ...

FedRAMP: Adapting to a Dynamic Landscape While Balancing Security with Efficiency
The FedRAMP program has successfully enabled commercial cloud computing adoption by Federal and DOD agencies for over 14 years, establishing itself as a cornerstone of secure cloud adoption within the government. Despite ...

CMMC vs FedRAMP: Do They Share Reciprocity?
Throughout this blog, we often write about both FedRAMP and CMMC as cybersecurity frameworks applied to the federal government and its contractors. These frameworks share a lot of the same DNA stemming ...

FedRAMP ConMon vs Audits: What’s the Difference?
A lot goes into protecting the information security of the nation. The National Institute of Standards and Technology, NIST, maintains a list of security controls under the banner of NIST SP 800-53, ...

Guide: FedRAMP Requirements for Vulnerability Scanning
FedRAMP is a key part of maintaining the digital security of the federal government, by way of enforcing security rules across departments and the cloud service providers that work with them. Any ...

Continuous Monitoring Guide: FedRAMP Meets Zero Trust
Security isn’t something you implement once and leave alone. It’s a mindset, an operation, and an ongoing policy. Security frameworks like FedRAMP require a process called continuous monitoring in order to remain ...

Making FedRAMP ATOs Great with OSCAL and Components
OMB Memo M-24-15, published on July 24, 2024, directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after ...

A New Way to SSP: The Component Definition Approach to Defining Controls
Guest Post by Johann Dettweiler, CISO, stackArmor. Imagine a world where the “say nothing” narrative implementation statements, rampant across the ...