FedRAMP and FIPS-Defined Impact Levels

impact levels featured

One of the foundational pieces of information that a cloud provider needs to know when preparing for their FedRAMP Authorization is the required Impact Level. These levels aren’t generic labels applied by agencies to highlight the importance of their data–they are clearly-defined categories laid out by the National Institute of Standards and Technology (NIST) to structure security requirements.

 

Read More

ISO 17025 and Requirements for Security Labs and Testing

iso 17025 featured

When we discuss cybersecurity, it’s most often done in the context of audits, assessments, or certifications. However, specific systems and components require more stringent testing standards, ensuring that the technology functions correctly and securely after construction or during ongoing operational use. 

To support the testing and assurance of these components, the National Institutes of Standards and Technology (NIST) operates a program to align testing and laboratory standards with ISO 17025, the international framework for lab calibration and competence. 

Read More