Security, Compliance, and the Decline of Third-Party Cookies

Jan 11, 2024 Continuum GRC 0 Comment

The issue of cookies and user tracking has long been an issue, but the importance of these marketing and development tools has kept them a vital part of our web experiences. However, Google announced that its popular Chrome browser would no longer support third-party cookies, and in January 2024, they began rolling out anti-cookie technology.

This has significantly impacted businesses managing compliance with regulations, primarily with GDPR privacy requirements. Here, we’ll discuss why cookies have special consideration under GDPR rules and how businesses can address these issues.

StateRAMP, System Security Plans, and the Operational Control Matrix

Jan 4, 2024 Continuum GRC 0 Comment

StateRAMP is based on the FedRAMP standard, which means that it uses a similar set of documents and requirements to assess and authorize cloud service providers. One of the key documents of both StateRAMP and FedRAMP is the System Security Plan (SSP), which represents the provider’s security controls, compliance perimeter, and capabilities.

In Revision 5, StateRAMP has seemingly moved from the traditional SSP toward an “operational control matrix,” or systematized document outlining the same information. Here, we’ll cover the SSP/control matrix and what it represents for the provider during StateRAMP authorization.

What Are Core Documents for StateRAMP Authorization?

Dec 27, 2023 Continuum GRC 2 Comment

StateRAMP, much like FedRAMP, includes a series of documents that the cloud provider and their 3PAO must complete before they are fully authorized. These documents align with several stages of the assessment process and provide regulating authorities with the proof they need to see that the cloud offering meets requirements.

Here, we summarize the documents you must complete as part of your StateRAMP assessment process.