What Is the Open Security Controls Assessment Language (OSCAL)?


There’s recently been a push within FedRAMP towards modernizing the framework to meet modern security challenges and better align federal security standards across agencies and technologies. 

Part of this push is standardizing how security controls are measured and assessed, and the most recent blog from FedRAMP mentions a new standard: OSCAL.

Here, we will discuss OSCAL, why the National Institute of Standards and Technology (NIST) is creating it to address assessments, and how we streamline them. 

 


What Is IRS 4812?


Understanding IRS Publication 4812 is not just about compliance; it’s about upholding a standard of trust and integrity crucial to the IRS’s operations and the taxpayers’ confidence. This relatively new standard addresses how contractors in the federal supply chain handle data specific to the Internal Revenue Service (IRS) and its mission of maintaining the privacy of citizens’ information. 

This article will cover the basics of IRS 4812, including what it is and the bird’s-eye view of what it expects from contractors. 

 


Logging Requirements for Federal Agencies and the Importance of Logging for Cybersecurity


A new report shines a light on some unfortunate news in the world of federal cybersecurity. According to the U.S. Government Accountability Office (GAO), only three of 23 federal agencies have reached their expected logging requirements as dictated by Executive Order 14028.

In this article, we’re talking about this executive order and what it calls for in security logging, why logging is critical in cybersecurity, and what you can do to ensure that you’re at least familiar with what it means to properly use logging as a method of preparedness.

 
