Any IT or cloud provider working with the government needs to show that they are secured against data breach or theft. As the SolarWinds hack has demonstrated, our interconnected technology systems are under attack from outside entities who want to gain access to critical civil, military, and industrial data and undermine our security. That’s why frameworks like FedRAMP and CMMC exist. 

But do these frameworks play well together? As of right now, there isn’t a clear 1-to-1 relationship between the two. But some similarities between the two could help cloud service providers who want to work with defense agencies prepare their systems for CMMC compliance if they currently have FedRAMP certification. 

Read More

The Department of Defense has made a significant push to improve the security of its cyberinfrastructure and supply chain (known as the Defense Industrial Base), and the result of this push is the Cybersecurity Maturity model Certification (CMMC) initiative. This framework uses existing security guidelines to provide an overview of necessary security requirements for federal contractors working with the DoD.

This framework isn’t just for large corporations. Many DoD agencies work with small and mid-sized businesses to leverage flexible cloud platforms, SaaS technology, or other IT services. That’s why it is just as important for SMBs to consider the impact of CMMC on their business now and over the next 5 years. 

Read More

StateRAMP, like any other compliance framework, includes several reports to document a provider’s progress through certification for the Program Management Office (PMO). As of February 2021, however, the PMO is still spinning up its resources and and StateRAMP reports templates. As such, many required report templates are slated for availability on the StateRAMP website but are as of yet not published. 

Read More