Cybersecurity is all over the news. With the SolarWinds and Colonial Pipelines hack, we’ve learned the hard way that critical infrastructure is something we cannot take for granted. That’s why it is so important that IT providers understand why compliance frameworks like FedRAMP are necessary.

Is FedRAMP compliance mandatory? Yes. If you provide cloud services to a federal agency, you must earn your FedRAMP ATO. However, instead of seeing this as another hoop to jump through, take the time to better understand why this is so critical for national security and how it can be a huge benefit to your company overall.

Read More

With the more recent threats and attacks we’ve seen in both the Colonial Pipeline and SolarWinds hacks, the question of infrastructure security is firmly in the collective consciousness. With President Biden’s Executive Order focusing executive resources to beef up cybersecurity, the efforts of the government are turning towards addressing some of the gaps that have been around for the past few years. 

This reality calls for private contractors and any business with infrastructure-critical services in areas like energy, defense, financial services or other areas to take the right steps to address these issues. Fortunately, the NIST Framework for Improving Critical Infrastructure Cybersecurity provides a thorough risk assessment framework to help. 

Read More

StateRAMP, like any other compliance framework, includes several reports to document a provider’s progress through certification for the Program Management Office (PMO). As of February 2021, however, the PMO is still spinning up its resources and and StateRAMP reports templates. As such, many required report templates are slated for availability on the StateRAMP website but are as of yet not published. 

Read More