What Is the Open Security Controls Assessment Language (OSCAL)?


There has recently been a push within FedRAMP to modernize the framework to meet current security challenges and better align federal security standards across agencies and technologies.

Part of this push is standardizing how security controls are measured and assessed, and the most recent blog from FedRAMP mentions a new standard: OSCAL.

Here, we will discuss OSCAL, why the National Institute of Standards and Technology (NIST) is creating it to address assessments, and how we streamline them. 

 


Europrivacy and GDPR Assessments


One of the ongoing challenges of GDPR is its (until recently) fragmented compliance and assessment approach. The requirements of GDPR are relatively open: they focus on standards and expectations, not implementation. As a result, many assessment tools and frameworks have emerged to address the situation. Recently, Europrivacy has emerged as a potential way to centralize assessments under a common set of rules.

 


CMMC 2.0 and Level 1 Maturity


The defense sector, responsible for safeguarding national security, is particularly vulnerable to cyber threats. As cyber-attacks become more sophisticated, there’s an urgent need for a comprehensive framework to ensure the security of sensitive data. The Cybersecurity Maturity Model Certification (CMMC) is a strategic initiative by the Department of War (DoW) to enhance the cybersecurity posture of the defense industrial base (DIB) through the use of a standardized maturity model.

This article discusses the latest iteration of this framework, CMMC 2.0, specifically focusing on its foundational level: Level 1 Maturity.

 
