The Federal Information Processing Standard (FIPS) 199 provides organizations and individuals with the necessary guidance to determine a cybersecurity threat’s impact level accurately. These impact levels define the level of security a system should have to protect the data contained therein adequately. 

This article will take you through an overview of FIPS 199 and how it can help you understand the three categories of impact levels, define terms used in FIPS 199, assess the impact of a cybersecurity threat, and provide best practices for interpreting results and mitigating risk. 

Read More

Within the world of healthcare compliance and information security, there’s been increasing confusion around some terms and organizations. We’ve heard a bit about some of this confusion, specifically around HITRUST and HIPAA. 

Both are connected to the preservation of health information, yet they fulfill separate functions and are founded on differing principles. This article clarifies the differences between these two. Whether a healthcare practitioner or a business associate, this guide will describe where HITRUST fits into overall compliance (if at all). 

Read More

The Federal Risk and Authorization Management Program (FedRAMP) plays a pivotal role in safeguarding the security of cloud services within the U.S. federal government. An essential element of this program is the Joint Authorization Board (JAB), which is responsible for prioritizing and authorizing cloud offerings offered by cloud providers. 

The JAB prioritization process is a methodical approach to selecting the most impactful CSOs for a JAB Provisional Authorization to Operate (P-ATO). This process holds significance for upholding the integrity of federal cloud services and shaping the future of cloud technology within the government sector.

Read More