What is an Authorization Boundary for FedRAMP and StateRAMP?


Assessments for both StateRAMP and FedRAMP rely on the 3PAO’s understanding of the systems and people that will interact with a specific government agency. With this knowledge, it’s easier to determine where particular requirements begin and where they end. Across both of these frameworks, this concept is known as the “authorization boundary.” 

The authorization boundary serves as a (sometimes physical, sometimes logical, sometimes administrative) fence that delineates the scope of a cloud system’s operations, setting clear boundaries for where assessment and regulatory requirements begin and end. 

Whether you’re a cloud service provider or a government agency representative, this article will shed light on this essential concept and help you understand its impact on the landscape of cloud security.

 


Ultimate Security: Data Breach Prevention in 2023


According to a recent report by IT Governance, there were over 70 data breaches in June 2023 alone, compromising over 14 million data records. Once these records are out in the open, they are often sold on the dark web. Following that, it’s just a matter of time before hackers can use this data to breach accounts and hack into larger systems.

Unfortunately, data breaches can happen through several kinds of attack: social engineering, identity compromise, or direct threats to applications and infrastructure.

Here, we will talk about what it means to stay ahead of potential data breaches. It takes a comprehensive approach to threat detection and prevention across several levels of security, none of which is more or less important than the others.

 


HIPAA and Internal Security Controls


In June 2023, the U.S. Department of Health and Human Services (HHS) reached an agreement with Yakima Valley Memorial Hospital over a significant breach of privacy and security rules. Specifically, HHS found that several security guards had inappropriately accessed the private records of up to 419 patients.

This settlement demonstrated that administrative and internal security are essential to Covered Entities and Business Associates. We will discuss these controls and what they mean for HIPAA-regulated organizations.

 
