Managed Service Providers: How Secure Are Your Services?

Featured MSP cybersecurity tools by Continuum GRC. Drive 2025 GRC success with cloud security, risk management, and compliance software for managed services.

The increasing use of cloud vendors and third-party providers has made advanced IT infrastructure and expertise available even to smaller organizations. It has also created an interconnected ecosystem of businesses, government agencies, utility firms and managed service providers (MSPs) whose interdependence can potentially compromise security across multiple systems.

If you’re a managed service provider, it’s your responsibility to ensure that your systems are secure, that your partnerships are equally secure, and that you maintain continuous risk management and monitoring across all services.

What Is SSAE 18, and How Does it Relate to SOC Reports?

Featured SSAE 18 insights from Continuum GRC. Enhance 2025 compliance with top GRC software, risk assessment, and AI-powered cybersecurity defenses.

SSAE 18 is a statement that sets standards for reporting on the controls and processes related to financial reporting. Issued by the American Institute of Certified Public Accountants, it outlines the framework for reporting on internal controls. SSAE 18 is designed to provide assurance that the reporting of service organizations is secure, thorough, and on point. For SOC reports, an SSAE 18 statement outlines controls to ensure the reports are reliable.

Most organizations have at least heard of SOC reports. Published and administered by the American Institute of Certified Public Accountants (AICPA), the SOC umbrella of attestations helps organizations demonstrate adherence to best practices around data privacy, cybersecurity, risk assessment and financial reporting.

Since SOC requirements come directly from the AICPA, the organization releases guidance documents for audits and compliance. One of the primary documents for SOC compliance is Statement on Standards for Attestation Engagements No. 18 (SSAE 18).


FedRAMP and CISA: What Is Binding Operational Directive 22-01?

Featured FedRAMP guides by Continuum GRC. Achieve 2025 regulatory compliance with top GRC software for federal cloud security and vulnerability management.

Managing cybersecurity threats is a full-time job, and most cybersecurity specialists rely on shared knowledge between experts in the field to combat these threats. The Common Vulnerabilities and Exposures (CVE) database provides a starting point for this kind of knowledge, centralizing an index of known security vulnerabilities in the wild. 

The CVE program recently joined with the Cybersecurity and Infrastructure Security Agency (CISA), which then feeds into new directives for federal agencies and cloud service providers (CSPs). One of these directives, Binding Operational Directive 22-01, establishes this new list and several other requirements for regulated organizations, and it is trickling down into other security requirements, including FedRAMP.