Last week, we discussed the process for Agency Authorization under FedRAMP guidelines. This route is, by far, the most common form of Authorization and one that most cloud providers will engage with. However, there are several use cases where a provider may seek more rigorous assessment to better open doors to serve with agencies across the government. As such, these CSPs may seek Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board.

Read More

As cloud service providers pursue their FedRAMP authorization process, they face a significant choice stemming from their ultimate goals in the federal space. This decision is based on how they are pursuing their working relationships with federal agencies and how well the provider is prepared for the rigorous FedRAMP assessment process. When a provider enters directly into a working relationship with a federal agency, they will almost certainly work through the FedRAMP “Agency” process.

Read More

Ongoing maintenance and upkeep are a cornerstone of all cybersecurity regulations and frameworks. And for a good reason. The rapidly changing threat landscape that businesses and government agencies face daily necessitates an ever-vigilant approach to cybersecurity. Vulnerability scanning is an important part of compliance and security across almost every data-driven industry. Here, we’re discussing what StateRAMP has to say about vulnerability scanning, including frequency, reporting, and remediation requirements.

Read More