What is the Structure of a SOC 2 Report?

SOC 2 report featured

Understanding the structure of a SOC 2 report is essential for both businesses and service providers who are thinking ahead to their audit and attestation. It will serve as the “story” of an organization’s SOC 2 journey, covering the evaluation of their adherence to the Trust Services Criteria (TSC)–security, availability, processing integrity, confidentiality, and privacy. 

In this blog post, we will provide an overview of the standard structure of a SOC 2 report, encompassing its various sections and the information included in each of these segments. 

 

Read More

What Information Is Included in a FedRAMP System Assessment Report (SAR)?

security assessment report featured

The Federal Risk and Authorization Management Program (FedRAMP) is a security assessment and authorization program for cloud services used by the federal government. It is designed to ensure that cloud services meet the federal government’s security requirements, and that sensitive government data remains protected. A critical component of the FedRAMP security authorization process is the Security Assessment Report (SAR).

In this blog post, we will examine the importance of the SAR in the FedRAMP security authorization process and provide an in-depth overview of the information that should be included in the report. We will also discuss the benefits of preparing a comprehensive SAR and the consequences of failing a FedRAMP security assessment.

 

Read More

StateRAMP, Subnetworks, and Boundary Security

stateramp subnetworks featured

StateRAMP guidelines include network security standards from NIST 800-53, with specific requirements for implementing those guidelines based on the application and data processing. Implementing boundary controls is one of the more relevant and sometimes challenging aspects of compliance network security. Here, we will dig into how StateRAMP (and FedRAMP, to some extent) approach subnetworks and boundary security.

 

Read More