NIST 800-53 Rev 5 and FedRAMP: What’s Happening in Federal Cloud Compliance?

NIST 800-53 featured

FedRAMP is a relatively stable framework. Built on NIST Special Publication 800-53, the requirements that Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) are clear and straightforward, depending on their services. NIST SP 800-53 is subject to revision, however, and the most recent version (Revision 5) was finally published in September of 2020. This revision signals changes that could impact providers under FedRAMP authorization. 

Here, we’ll cover NIST 800-53 and how it relates to FedRAMP, as well as some of the information we currently have regarding the new revision and how FedRAMP adoption might roll out. 

 

Read More

What are Impact Levels in StateRAMP Compliance?

StateRAMP Impact Levels Featured

As Cloud Service Providers (CSPs) work with State agencies, many of them are undergoing StateRAMP certification. Fortunately, StateRAMP is much like FedRAMP in that it follows several of the same guidelines, requirements, and process structures.

Here, we’ll break down one of the basic aspects of StateRAMP Impact Levels. The StateRAMP Impact level directly relates to the security required from an agency, and the kinds of controls that a CSP must implement. 

Read More