Anchored by the FedRAMP Authorization Act and OMB Memo M-24-15, FedRAMP is undergoing a major change that affects virtually every aspect of how cloud service providers pursue, achieve, and maintain federal authorization. Named FedRAMP 20x, this program is meant to streamline compliance and make it easier for cloud products to enter the federal marketplace.

The most visible of those changes is the retirement of the legacy FIPS 199 security categories (Low, Moderate, and High) in favor of a new alphabetical system: Certification Classes A through D.

We’re walking through these new classes and what they mean for agencies seeking Authorization.

Read More

Data privacy and security are often framed as organizational requirements, and as such include discussions of ROI, staffing, compliance, and so on. However, the obligations enterprises and agencies face in protecting data extend beyond liability, because the data they protect often represents someone’s life and well-being. 

As a result, duty of care is evolving from a legal obligation into a defining principle of governance. The organizations that recognize this shift are reframing risk management as such an obligation. 

Read More

Cybersecurity leadership has entered a new era of accountability. Boards, regulators, customers, and insurers increasingly expect CISOs to demonstrate that systems are both compliant and effective.

Compliance platforms are evolving from administrative tools into strategic infrastructure. They are becoming the operational layer that enables security programs to scale governance, translate technical risk into business terms, and provide defensible evidence of due diligence.

Read More