There’s recently been a push within FedRAMP towards modernizing the framework to meet modern security challenges and better align federal security standards across agencies and technologies. 

Part of this push is standardizing how security controls are measured and assessed, and the most recent blog from FedRAMP mentions a new standard–OSCAL. 

Here, we will discuss OSCAL, why the National Institute of Standards and Technology (NIST) is creating it to address assessments, and how we streamline them. 

Read More

Understanding IRS Publication 4812 is not just about compliance; it’s about upholding a standard of trust and integrity crucial to the IRS’s operations and the taxpayers’ confidence. This relatively new standard addresses how contractors in the federal supply chain handle data specific to the Internal Revenue Service (IRS) and its mission of maintaining the privacy of citizens’ information. 

This article will cover the basics of IRS 4812, including what it is and the bird’s-eye view of what it expects from contractors. 

Read More

A new report shines a light on some unfortunate news in the world of federal cybersecurity. According to the U.S. Government Accountability Office (GAO), only three of 23 federal agencies have reached their expected logging requirements as dictated by Executive Order 14028.

In this article, we’re talking about this executive order and what it calls for in security logging, why logging is critical in cybersecurity, and what you can do to ensure that you’re at least familiar with what it means to use logging as a method of preparedness properly.

Read More